x/crypto/ssh: Support OpenSSH protocol extension for host key rotation #14114
In the handshake, the server can only offer one key of each type to the client. Hence, it doesn't make much sense to change AddHostKey.
The document you describe is a global request/response call, which can be implemented in the application layer; in particular, the request will be sent to the request channel returned from https://godoc.org/golang.org/x/crypto/ssh#NewServerConn . Since the SSH library doesn't include a real server application layer implementation, it's not obvious where to hook it up.
I have the following suggestion: you could write a set of functions that will let a client issue the request, let the server send a set of new keys, and let the client verify them. If you implement both sides, you can unit test them against each other. Then people can install these functions into clients or servers as they please.
I think these functions should live outside the SSH package proper, since it is an application-level mechanism, and not really a protocol extension. If we have a library, we could put it into the standard library as (say) x/crypto/ssh/keyrotate/
I am strongly in favor of putting any and all application extensions into separate packages, rather than adding them to the ssh library. This makes the SSH package more maintainable, and easier for callers to understand.
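The verification step that the comment above suggests pairing and testing against each other, sketched as an added example; it is not code from this thread or from x/crypto/ssh. It assumes the request name and signed-data layout (request name, session identifier, key blob) from OpenSSH's PROTOCOL document, handles ssh-ed25519 keys only, and uses the hypothetical names `SignProof`, `VerifyProof`, `sshStrings` and `parseBlob`.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
)

// Names from OpenSSH's PROTOCOL document (assumed here; the thread does not quote them).
const proveRequest, keyType = "hostkeys-prove-00@openssh.com", "ssh-ed25519"

// sshStrings encodes each part as an SSH wire string (uint32 length, then bytes).
func sshStrings(parts ...[]byte) (out []byte) {
	for _, p := range parts {
		n := len(p)
		out = append(append(out, byte(n>>24), byte(n>>16), byte(n>>8), byte(n)), p...)
	}
	return out
}

// parseBlob strictly decodes "string keyType, string data"; want is data's required length.
func parseBlob(in []byte, want int) ([]byte, bool) {
	var f [2][]byte
	for i := range f {
		if len(in) < 4 || uint64(binary.BigEndian.Uint32(in)) > uint64(len(in)-4) {
			return nil, false // length prefix missing or pointing past the buffer
		}
		n := binary.BigEndian.Uint32(in)
		f[i], in = in[4:4+n], in[4+n:]
	}
	return f[1], string(f[0]) == keyType && len(f[1]) == want && len(in) == 0
}

// SignProof (hypothetical name) is the server side: sign name, session id and key blob.
func SignProof(priv ed25519.PrivateKey, sessionID, keyBlob []byte) []byte {
	return sshStrings([]byte(keyType), ed25519.Sign(priv, sshStrings([]byte(proveRequest), sessionID, keyBlob)))
}

// VerifyProof (hypothetical name) is the client side: accept keyBlob only if sigBlob
// was made by that key over this session's identifier, so a proof cannot be replayed.
func VerifyProof(sessionID, keyBlob, sigBlob []byte) bool {
	pub, okKey := parseBlob(keyBlob, ed25519.PublicKeySize)
	sig, okSig := parseBlob(sigBlob, ed25519.SignatureSize)
	return okKey && okSig && ed25519.Verify(pub, sshStrings([]byte(proveRequest), sessionID, keyBlob), sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key standing in for a rotated host key
	keyBlob, sid := sshStrings([]byte(keyType), pub), []byte("constructed-session-id")
	println(VerifyProof(sid, keyBlob, SignProof(priv, sid, keyBlob)))
}
```

A client would persist a newly offered key only after `VerifyProof` returns true on a connection whose existing host key has already been authenticated.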