fornellas / resonance / 13268376255
41%

DEFAULT BRANCH: master
Ran
Jobs 5
Files 0
Run time
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
13268376255

push

github

web-flow 
Add missing SSH options (#245)

Ssh client has various extra options which were not exposed. Without
them, connecting to hosts may be impossible. Eg:

- `ssh` command has its own list of `HostKeyAlgorithms`.
- `ssh` successfully connects to a host, using one of the algorithms
there, and adds the fingerprint to `known_hosts`.
- Go has _its own_ values for that at
https://pkg.go.dev/golang.org/x/crypto/ssh#ClientConfig.
- Go may then find a _different_ host key algorithm to connect, and
attempts to connect.
- `known_hosts` validation fails with
https://pkg.go.dev/golang.org/x/crypto@v0.33.0/ssh/knownhosts#KeyError,
because the chosen host key algorithm differs from the key algorithm
present on `known_hosts` (added by `ssh` previously).
- The error message is cryptic: `"knownhosts: key mismatch"`.

This PR:

- Wraps around `KeyError`, with information regarding the host key
algorithm and any entries at `known_hosts`. It also suggests ways around
it.
- Add all extra ssh client options that we may ever need, so wahtever
the scenario, we'll be able to connect.

In the failure scenario above, connection can be established by either:

- Passing `--target-ssh-host-key-algorithms=$(known_hosts key
algorithm)`.
- `ssh-keygen -R $host` then `ssh -o HostKeyAlgorithms=$(preferred
algorithm used by Go and `ssh``) $host` (eg: `ecdsa-sha2-nistp256`).

The former is easy, the latter a bit hard. We can see the algos from ssh
with `ssh -Q HostKeyAlgorithms`, but Go, sadly, makes this list private.
As of now, this is the list:

```
"rsa-sha2-256-cert-v01@openssh.com"
"rsa-sha2-512-cert-v01@openssh.com"
"ssh-rsa-cert-v01@openssh.com"
"ssh-dss-cert-v01@openssh.com"
"ecdsa-sha2-nistp256-cert-v01@openssh.com"
"ecdsa-sha2-nistp384-cert-v01@openssh.com"
"ecdsa-sha2-nistp521-cert-v01@openssh.com"
"ssh-ed25519-cert-v01@openssh.com"
"ecdsa-sha2-nistp256"
"ecdsa-sha2-nistp384"
"ecdsa-sha2-nistp521"
"rsa-sha2-256"
"rsa-sha2-512"
"ssh-... (continued)
Jobs
ID Job ID Ran Files Coverage
1 linux.arm64 - 13268376255.1 38
56.49
 GitHub Action Run
2 linux.amd64 - 13268376255.2 38
56.39
 GitHub Action Run
3 linux.386 - 13268376255.3 38
56.39
 GitHub Action Run
4 darwin.amd64 - 13268376255.4 35
12.12
 GitHub Action Run
5 darwin.arm64 - 13268376255.5 35
12.12
 GitHub Action Run
Source Files on build 13268376255
Detailed source file information is not available for this build.