Use of insecure HostKeyCallback implementation

[riteshsonawane1372]

Tasks

• [API][HA](*) Fix code scanning alert - Use of insecure HostKeyCallback implementation #47

Use of insecure HostKeyCallback implementation

Solution ✔️

HostKeyCallback: ssh.HostKeyCallback(
	func(hostname string, remote net.Addr, key ssh.PublicKey) error {
		return nil
}),

Screenshots 🖼️

Note to reviewers 📓

[dipankardas011]

@riteshsonawane1372 are there no other methods available?

[riteshsonawane1372]

FixedHostKey : When the allow list contains only a single host key

HostKeyCallback: ssh.FixedHostKey(publicKey),

[riteshsonawane1372]

func secureHostKeyCallback() {
	publicKeyBytes, _ := ioutil.ReadFile("allowed_hostkey.pub")
	publicKey, _ := ssh.ParsePublicKey(publicKeyBytes)

	_ = &ssh.ClientConfig{
		User:            "username",
		Auth:            []ssh.AuthMethod{nil},
		HostKeyCallback: ssh.FixedHostKey(publicKey),
	}
}

[dipankardas011]

@riteshsonawane1372 could you replace the password-based auth with ssh key auth?
if you are up for it

[dipankardas011]

Remove the comment

[riteshsonawane1372]

@riteshsonawane1372 could you replace the password-based auth with ssh key auth? if you are up for it

	signer, _ := ssh.ParsePrivateKey([]byte(password))
	config := &ssh.ClientConfig{
		User: "root",
		Auth: []ssh.AuthMethod{
			ssh.PublicKeys(signer),
		},
		HostKeyCallback: ssh.HostKeyCallback(
			func(hostname string, remote net.Addr, key ssh.PublicKey) error {
				return nil
		

[dipankardas011]

@riteshsonawane1372 could you replace the password-based auth with ssh key auth? if you are up for it

	signer, _ := ssh.ParsePrivateKey([]byte(password))
	config := &ssh.ClientConfig{
		User: "root",
		Auth: []ssh.AuthMethod{
			ssh.PublicKeys(signer),
		},
		HostKeyCallback: ssh.HostKeyCallback(
			func(hostname string, remote net.Addr, key ssh.PublicKey) error {
				return nil
		

If we can move to private key Auth
We have to create sshkeypair function and delete when delete cluster
Get the key and save it to ksctl cluster folder and use it to ssh
Ig that will match with rest of the cloud providers
@AvineshTripathi @kranurag7 your thoughts

[dipankardas011]

• Issue [Feature] [CLI] (ALL) SSH key pair as default auth mathod for ssh sessions #61
  @AvineshTripathi

[riteshsonawane1372]

@riteshsonawane1372 could you replace the password-based auth with ssh key auth? if you are up for it

	signer, _ := ssh.ParsePrivateKey([]byte(password))
	config := &ssh.ClientConfig{
		User: "root",
		Auth: []ssh.AuthMethod{
			ssh.PublicKeys(signer),
		},
		HostKeyCallback: ssh.HostKeyCallback(
			func(hostname string, remote net.Addr, key ssh.PublicKey) error {
				return nil
		

If we can move to private key Auth We have to create sshkeypair function and delete when delete cluster Get the key and save it to ksctl cluster folder and use it to ssh Ig that will match with rest of the cloud providers @AvineshTripathi @kranurag7 your thoughts

Can you describe a bit ?

[dipankardas011]

@riteshsonawane1372 could you replace the password-based auth with ssh key auth? if you are up for it

	signer, _ := ssh.ParsePrivateKey([]byte(password))
	config := &ssh.ClientConfig{
		User: "root",
		Auth: []ssh.AuthMethod{
			ssh.PublicKeys(signer),
		},
		HostKeyCallback: ssh.HostKeyCallback(
			func(hostname string, remote net.Addr, key ssh.PublicKey) error {
				return nil
		

If we can move to private key Auth We have to create sshkeypair function and delete when delete cluster Get the key and save it to ksctl cluster folder and use it to ssh Ig that will match with rest of the cloud providers @AvineshTripathi @kranurag7 your thoughts

Can you describe a bit ?

ig it will be clear if you can check the Issue created still any doubt we can discuss

[dipankardas011]

@riteshsonawane1372 you are working on main branch do checkout to a different branch
I am closing this PR you can create a another PR as this PR will break the main branch code
ig some miscommunication between us
we can communicate what needs to be done (i.e. the workflow and how to change the src code) 👍🏼