-
Notifications
You must be signed in to change notification settings - Fork 1.3k
/
knownhosts.go
80 lines (69 loc) · 1.92 KB
/
knownhosts.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
package ssh
import (
"bufio"
"errors"
"fmt"
"net"
"os"
"strings"
"golang.org/x/crypto/ssh"
"golang.org/x/crypto/ssh/knownhosts"
)
// InteractiveHostKeyCallback verifying the host key against known_hosts and adding the key if
// the user replies accordingly.
func InteractiveHostKeyCallback(knownHostsFilePath string) (ssh.HostKeyCallback, error) {
validator, err := knownhosts.New(knownHostsFilePath)
if err != nil {
return nil, err
}
return func(hostname string, remote net.Addr, key ssh.PublicKey) error {
err := validator(hostname, remote, key)
if err == nil {
return nil
}
var keyErr *knownhosts.KeyError
if errors.As(err, &keyErr) && len(keyErr.Want) == 0 {
shouldAdd, err := askToAddHostKey(hostname, remote, key)
if err != nil || !shouldAdd {
return err
}
if err := addHostKey(knownHostsFilePath, hostname, remote, key); err != nil {
return err
}
return nil
}
return err
}, nil
}
func askToAddHostKey(hostname string, remote net.Addr, key ssh.PublicKey) (bool, error) {
reader := bufio.NewReader(os.Stdin)
fmt.Printf(
`The authenticity of host '%s (%s)' can't be established.
ECDSA key fingerprint is %s.
Are you sure you want to continue connecting (yes/no)? `,
hostname, remote, ssh.FingerprintSHA256(key),
)
confirmation, err := reader.ReadString('\n')
if err != nil {
return false, err
}
confirmation = strings.TrimSpace(confirmation)
if confirmation == "yes" {
return true, nil
}
if confirmation == "no" {
return false, nil
}
fmt.Println("Please reply with either yes or no.")
return askToAddHostKey(hostname, remote, key)
}
func addHostKey(knownHostsFilePath string, hostname string, remote net.Addr, key ssh.PublicKey) error {
f, err := os.OpenFile(knownHostsFilePath, os.O_APPEND|os.O_WRONLY, 0600)
if err != nil {
return err
}
defer f.Close()
addresses := []string{hostname}
_, err = f.WriteString(knownhosts.Line(addresses, key))
return err
}