fornellas / resonance / 13268376255 / 3
41%
master: 41%

DEFAULT BRANCH: master
Ran
Files 38
Run time 533min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 56.393% (+0.2%) from 56.159%
13268376255.3

push

github

web-flow 
Add missing SSH options (#245)

Ssh client has various extra options which were not exposed. Without
them, connecting to hosts may be impossible. Eg:

- `ssh` command has its own list of `HostKeyAlgorithms`.
- `ssh` successfully connects to a host, using one of the algorithms
there, and adds the fingerprint to `known_hosts`.
- Go has _its own_ values for that at
https://pkg.go.dev/golang.org/x/crypto/ssh#ClientConfig.
- Go may then find a _different_ host key algorithm to connect, and
attempts to connect.
- `known_hosts` validation fails with
https://pkg.go.dev/golang.org/x/crypto@v0.33.0/ssh/knownhosts#KeyError,
because the chosen host key algorithm differs from the key algorithm
present on `known_hosts` (added by `ssh` previously).
- The error message is cryptic: `"knownhosts: key mismatch"`.

This PR:

- Wraps around `KeyError`, with information regarding the host key
algorithm and any entries at `known_hosts`. It also suggests ways around
it.
- Add all extra ssh client options that we may ever need, so wahtever
the scenario, we'll be able to connect.

In the failure scenario above, connection can be established by either:

- Passing `--target-ssh-host-key-algorithms=$(known_hosts key
algorithm)`.
- `ssh-keygen -R $host` then `ssh -o HostKeyAlgorithms=$(preferred
algorithm used by Go and `ssh``) $host` (eg: `ecdsa-sha2-nistp256`).

The former is easy, the latter a bit hard. We can see the algos from ssh
with `ssh -Q HostKeyAlgorithms`, but Go, sadly, makes this list private.
As of now, this is the list:

```
"rsa-sha2-256-cert-v01@openssh.com"
"rsa-sha2-512-cert-v01@openssh.com"
"ssh-rsa-cert-v01@openssh.com"
"ssh-dss-cert-v01@openssh.com"
"ecdsa-sha2-nistp256-cert-v01@openssh.com"
"ecdsa-sha2-nistp384-cert-v01@openssh.com"
"ecdsa-sha2-nistp521-cert-v01@openssh.com"
"ssh-ed25519-cert-v01@openssh.com"
"ecdsa-sha2-nistp256"
"ecdsa-sha2-nistp384"
"ecdsa-sha2-nistp521"
"rsa-sha2-256"
"rsa-sha2-512"
"ssh-... (continued)

3687 of 6538 relevant lines covered (56.39%)

1.18 hits per line

Source Files on job linux.386 - 13268376255.3