This is an initial implementation and not a replacement candidate for ssh-keyscan, since it only scans the key of the algorithm that the client and server agreed upon. This agreement may change depending on the key being used, which makes it useless for distributed usage.
package keyscan
import (
	"encoding/base64"
	"fmt"
	"net"
	"time"

	"golang.org/x/crypto/ssh"
	"golang.org/x/crypto/ssh/knownhosts"
)
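// ScanKeys connects to the SSH server at host and returns the host key the
// server presented during the handshake, formatted as known_hosts lines.
//
// host is used directly as the TCP dial address, so it must include the port.
//
// Only the key for the algorithm negotiated between this client and the
// server is recorded; other host keys the server may hold are not scanned.
//
// The key is collected without any verification: whoever answers on the
// network path decides what is returned. Treat the result as
// trust-on-first-use material and compare its fingerprint against one
// obtained out of band before pinning it.
//
// A handshake that fails after the host key was received (authentication is
// expected to fail, since no auth methods are configured) is not reported as
// an error; err is only returned when no key was collected.
func ScanKeys(host string) ([]byte, error) {
	// Upper bound for the TCP connect plus the SSH handshake, so that an
	// unresponsive or deliberately slow server cannot block the caller
	// indefinitely.
	const scanTimeout = 30 * time.Second

	col := &collector{}
	config := &ssh.ClientConfig{
		User:            "git",
		HostKeyCallback: col.StoreKey(),
	}

	conn, err := net.DialTimeout("tcp", host, scanTimeout)
	if err != nil {
		return nil, err
	}
	// The SSH layer may close conn as well; a second Close only returns an
	// error, which is ignored here.
	defer conn.Close()

	// The deadline covers every read and write of the handshake below.
	if err := conn.SetDeadline(time.Now().Add(scanTimeout)); err != nil {
		return nil, err
	}

	sshConn, chans, reqs, err := ssh.NewClientConn(conn, host, config)
	if err == nil {
		// Wrap in a Client so the channel/request streams are serviced
		// until the connection is torn down.
		client := ssh.NewClient(sshConn, chans, reqs)
		defer client.Close()
	}

	if len(col.knownKeys) > 0 {
		return col.knownKeys, nil
	}
	return col.knownKeys, err
}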
// collector accumulates the host keys seen by its StoreKey callback.
type collector struct {
	// knownKeys holds one "<host> <key type> <base64 key>\n" line per key
	// passed to the callback.
	knownKeys []byte
}

// StoreKey returns an ssh.HostKeyCallback that records every key it is handed
// and never rejects one.
//
// Because the callback always returns nil, it performs no host
// authentication. It is only suitable for collecting a key to be verified
// afterwards, not for connections that carry credentials or data.
func (c *collector) StoreKey() ssh.HostKeyCallback {
	return func(hostname string, remote net.Addr, key ssh.PublicKey) error {
		normalized := knownhosts.Normalize(hostname)
		keyType := key.Type()
		encoded := base64.StdEncoding.EncodeToString(key.Marshal())

		line := fmt.Sprintf("%s %s %s\n", normalized, keyType, encoded)
		c.knownKeys = append(c.knownKeys, line...)
		return nil
	}
}