
fix(provider): improve known_hosts handling in SSH client (#1918)

Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
This commit is contained in:
Pavel Boldyrev 2025-04-20 21:14:43 -04:00 committed by GitHub
parent fd24c5a740
commit 49d366e45b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -498,7 +498,7 @@ func (c *client) openNodeShell(ctx context.Context, node ProxmoxNode) (*ssh.Clie
} }
} }
kh, err := knownhosts.New(khPath) kh, err := knownhosts.NewDB(khPath)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to read %s: %w", khPath, err) return nil, fmt.Errorf("failed to read %s: %w", khPath, err)
} }
@ -506,7 +506,7 @@ func (c *client) openNodeShell(ctx context.Context, node ProxmoxNode) (*ssh.Clie
// Create a custom permissive host key callback which still errors on hosts // Create a custom permissive host key callback which still errors on hosts
// with changed keys, but allows unknown hosts and adds them to known_hosts // with changed keys, but allows unknown hosts and adds them to known_hosts
cb := ssh.HostKeyCallback(func(hostname string, remote net.Addr, key ssh.PublicKey) error { cb := ssh.HostKeyCallback(func(hostname string, remote net.Addr, key ssh.PublicKey) error {
khErr := kh(hostname, remote, key) khErr := kh.HostKeyCallback()(hostname, remote, key)
if knownhosts.IsHostKeyChanged(khErr) { if knownhosts.IsHostKeyChanged(khErr) {
return fmt.Errorf("REMOTE HOST IDENTIFICATION HAS CHANGED for host %s! This may indicate a MitM attack", hostname) return fmt.Errorf("REMOTE HOST IDENTIFICATION HAS CHANGED for host %s! This may indicate a MitM attack", hostname)
} }
@ -574,7 +574,7 @@ func (c *client) openNodeShell(ctx context.Context, node ProxmoxNode) (*ssh.Clie
func (c *client) createSSHClient( func (c *client) createSSHClient(
ctx context.Context, ctx context.Context,
cb ssh.HostKeyCallback, cb ssh.HostKeyCallback,
kh knownhosts.HostKeyCallback, kh *knownhosts.HostKeyDB,
sshHost string, sshHost string,
) (*ssh.Client, error) { ) (*ssh.Client, error) {
if c.password == "" { if c.password == "" {
@ -595,7 +595,7 @@ func (c *client) createSSHClient(
func (c *client) createSSHClientAgent( func (c *client) createSSHClientAgent(
ctx context.Context, ctx context.Context,
cb ssh.HostKeyCallback, cb ssh.HostKeyCallback,
kh knownhosts.HostKeyCallback, kh *knownhosts.HostKeyDB,
sshHost string, sshHost string,
) (*ssh.Client, error) { ) (*ssh.Client, error) {
conn, err := dialSocket(c.agentSocket) conn, err := dialSocket(c.agentSocket)
@ -618,7 +618,7 @@ func (c *client) createSSHClientAgent(
func (c *client) createSSHClientWithPrivateKey( func (c *client) createSSHClientWithPrivateKey(
ctx context.Context, ctx context.Context,
cb ssh.HostKeyCallback, cb ssh.HostKeyCallback,
kh knownhosts.HostKeyCallback, kh *knownhosts.HostKeyDB,
sshHost string, sshHost string,
) (*ssh.Client, error) { ) (*ssh.Client, error) {
privateKey, err := ssh.ParsePrivateKey([]byte(c.privateKey)) privateKey, err := ssh.ParsePrivateKey([]byte(c.privateKey))
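Review bot: In the second hunk, `kh.HostKeyCallback()` is invoked inside the closure on every host-key verification, so a fresh callback value is built per handshake rather than once after the database is loaded; build it once before the closure, `khCallback := kh.HostKeyCallback()`, and have the wrapper call `khErr := khCallback(hostname, remote, key)`. That keeps the permissive wrapper a plain delegation and makes it obvious that the only checks it adds are the changed-key rejection and the unknown-host path described in the comment above it. The switch to a `*knownhosts.HostKeyDB` presumably still yields the same error type that `knownhosts.IsHostKeyChanged` inspects, so the MitM branch should keep working, but that is worth confirming against the library version pinned in go.mod, since a change there would silently turn a changed key into an unknown host. The enclosing openNodeShell body starts before the first hunk and continues after the second.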