I tried to use knownhosts.New along with a file using @cert-authority wildcards that are intended to match a server listening on a port other than 22. In short, I believe the following unit test should pass (it does not in the current version):
Thanks for the issue. The code above is currently using internal functions like testDB. Could you explain what exported functions this is affecting? Could you add an example using exported functions? Thanks.
That code is a unit test for you in the x/crypto/ssh/knownhosts package itself, so it certainly uses internal functions :) The issue isn't about code using exported APIs. The exported APIs are fine. The issue is that the wildcard parser internal to the package does not appear to handle the same wildcards in a known-hosts file that OpenSSH does. The unit test above shows exactly the kind of line that OpenSSH will match, but that the Go library currently doesn't (the test currently fails, to demonstrate this).
Yes -- A user trying to use the host key returned by knownhosts.New will find that in fact the callback does not appear to conform to the behavior of OpenSSH, as the docs state it should:
New creates a host key callback from the given OpenSSH host key files.
For example (and codified in the unit test I've provided), if the known-hosts file contains an entry like @cert-authority * ssh-rsa AAAAkeymaterial...., the Go library fails to match it, whereas OpenSSH will.
I clarified the test case a bit and tried to rename it more precisely (original version didn't have the actual @cert-authority string, so maybe that's why it is confusing?)