
Commit b6bc0c0

authored
Merge pull request #1346 from go-git/revert-1157-ja/knownHostsDb
Revert "plumbing: transport/ssh, Add support for SSH @cert-authority."
2 parents 88c7471 + 42f9d6b commit b6bc0c0


3 files changed

+12
-124
lines changed


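--- a/plumbing/transport/ssh/auth_method.go
+++ b/plumbing/transport/ssh/auth_method.go
@@ -230,11 +230,11 @@ func (a *PublicKeysCallback) ClientConfig() (*ssh.ClientConfig, error) {
 // ~/.ssh/known_hosts
 // /etc/ssh/ssh_known_hosts
 func NewKnownHostsCallback(files ...string) (ssh.HostKeyCallback, error) {
-db, err := newKnownHostsDb(files...)
-return db.HostKeyCallback(), err
+kh, err := newKnownHosts(files...)
+return ssh.HostKeyCallback(kh), err
 }
 
-func newKnownHostsDb(files ...string) (*knownhosts.HostKeyDB, error) {
+func newKnownHosts(files ...string) (knownhosts.HostKeyCallback, error) {
 var err error
 
 if len(files) == 0 {
@@ -247,7 +247,7 @@ func newKnownHostsDb(files ...string) (*knownhosts.HostKeyDB, error) {
 return nil, err
 }
 
-return knownhosts.NewDB(files...)
+return knownhosts.New(files...)
 }
 
 func getDefaultKnownHostsFiles() ([]string, error) {
@@ -301,12 +301,11 @@ type HostKeyCallbackHelper struct {
 // HostKeyCallback is empty a default callback is created using
 // NewKnownHostsCallback.
 func (m *HostKeyCallbackHelper) SetHostKeyCallback(cfg *ssh.ClientConfig) (*ssh.ClientConfig, error) {
+var err error
 if m.HostKeyCallback == nil {
-db, err := newKnownHostsDb()
-if err != nil {
+if m.HostKeyCallback, err = NewKnownHostsCallback(); err != nil {
 return cfg, err
 }
-m.HostKeyCallback = db.HostKeyCallback()
 }
 
 cfg.HostKeyCallback = m.HostKeyCallback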
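Review bot: `NewKnownHostsCallback` returns `ssh.HostKeyCallback(kh), err` without testing `err` first, so the nil-callback-on-failure contract is only implicit, and `SetHostKeyCallback` in the last hunk stores that result in `m.HostKeyCallback` before it checks `err`. Because this callback is the host-key verification step for the SSH transport, I would spell the failure path out: `if err != nil { return nil, err }` followed by `return ssh.HostKeyCallback(kh), nil`. A short doc comment on `newKnownHosts` stating that it appears to fall back to the default known_hosts files when `files` is empty would also help. Part of `newKnownHosts` and the end of `SetHostKeyCallback` lie outside the hunks, so this rests on the visible lines only.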

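--- a/plumbing/transport/ssh/auth_method_test.go
+++ b/plumbing/transport/ssh/auth_method_test.go
@@ -18,8 +18,7 @@ import (
 type (
 SuiteCommon struct{}
 
-mockKnownHosts struct{}
-mockKnownHostsWithCert struct{}
+mockKnownHosts struct{}
 )
 
 func (mockKnownHosts) host() string { return "github.com" }
@@ -28,19 +27,6 @@ func (mockKnownHosts) knownHosts() []byte {
 }
 func (mockKnownHosts) Network() string { return "tcp" }
 func (mockKnownHosts) String() string { return "github.com:22" }
-func (mockKnownHosts) Algorithms() []string {
-return []string{ssh.KeyAlgoRSA, ssh.KeyAlgoRSASHA256, ssh.KeyAlgoRSASHA512}
-}
-
-func (mockKnownHostsWithCert) host() string { return "github.com" }
-func (mockKnownHostsWithCert) knownHosts() []byte {
-return []byte(`@cert-authority github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==`)
-}
-func (mockKnownHostsWithCert) Network() string { return "tcp" }
-func (mockKnownHostsWithCert) String() string { return "github.com:22" }
-func (mockKnownHostsWithCert) Algorithms() []string {
-return []string{ssh.CertAlgoRSASHA512v01, ssh.CertAlgoRSASHA256v01, ssh.CertAlgoRSAv01}
-}
 
 var _ = Suite(&SuiteCommon{})
 
@@ -244,93 +230,3 @@ func (*SuiteCommon) TestNewKnownHostsCallback(c *C) {
 err = clb(mock.String(), mock, hostKey)
 c.Assert(err, IsNil)
 }
-
-func (*SuiteCommon) TestNewKnownHostsDbWithoutCert(c *C) {
-if runtime.GOOS == "js" {
-c.Skip("not available in wasm")
-}
-
-var mock = mockKnownHosts{}
-
-f, err := util.TempFile(osfs.Default, "", "known-hosts")
-c.Assert(err, IsNil)
-
-_, err = f.Write(mock.knownHosts())
-c.Assert(err, IsNil)
-
-err = f.Close()
-c.Assert(err, IsNil)
-
-defer util.RemoveAll(osfs.Default, f.Name())
-
-f, err = osfs.Default.Open(f.Name())
-c.Assert(err, IsNil)
-
-defer f.Close()
-
-db, err := newKnownHostsDb(f.Name())
-c.Assert(err, IsNil)
-
-algos := db.HostKeyAlgorithms(mock.String())
-c.Assert(algos, HasLen, len(mock.Algorithms()))
-
-contains := func(container []string, value string) bool {
-for _, inner := range container {
-if inner == value {
-return true
-}
-}
-return false
-}
-
-for _, algorithm := range mock.Algorithms() {
-if !contains(algos, algorithm) {
-c.Error("algos does not contain ", algorithm)
-}
-}
-}
-
-func (*SuiteCommon) TestNewKnownHostsDbWithCert(c *C) {
-if runtime.GOOS == "js" {
-c.Skip("not available in wasm")
-}
-
-var mock = mockKnownHostsWithCert{}
-
-f, err := util.TempFile(osfs.Default, "", "known-hosts")
-c.Assert(err, IsNil)
-
-_, err = f.Write(mock.knownHosts())
-c.Assert(err, IsNil)
-
-err = f.Close()
-c.Assert(err, IsNil)
-
-defer util.RemoveAll(osfs.Default, f.Name())
-
-f, err = osfs.Default.Open(f.Name())
-c.Assert(err, IsNil)
-
-defer f.Close()
-
-db, err := newKnownHostsDb(f.Name())
-c.Assert(err, IsNil)
-
-algos := db.HostKeyAlgorithms(mock.String())
-c.Assert(algos, HasLen, len(mock.Algorithms()))
-
-contains := func(container []string, value string) bool {
-for _, inner := range container {
-if inner == value {
-return true
-}
-}
-return false
-}
-
-for _, algorithm := range mock.Algorithms() {
-if !contains(algos, algorithm) {
-c.Error("algos does not contain ", algorithm)
-}
-}
-}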

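--- a/plumbing/transport/ssh/common.go
+++ b/plumbing/transport/ssh/common.go
@@ -11,6 +11,7 @@ import (
 
 "github.com/go-git/go-git/v5/plumbing/transport"
 "github.com/go-git/go-git/v5/plumbing/transport/internal/common"
+"github.com/skeema/knownhosts"
 
 "github.com/kevinburke/ssh_config"
 "golang.org/x/crypto/ssh"
@@ -126,25 +127,17 @@ func (c *command) connect() error {
 }
 hostWithPort := c.getHostWithPort()
 if config.HostKeyCallback == nil {
-db, err := newKnownHostsDb()
+kh, err := newKnownHosts()
 if err != nil {
 return err
 }
-
-config.HostKeyCallback = db.HostKeyCallback()
-config.HostKeyAlgorithms = db.HostKeyAlgorithms(hostWithPort)
+config.HostKeyCallback = kh.HostKeyCallback()
+config.HostKeyAlgorithms = kh.HostKeyAlgorithms(hostWithPort)
 } else if len(config.HostKeyAlgorithms) == 0 {
 // Set the HostKeyAlgorithms based on HostKeyCallback.
 // For background see https://github.com/go-git/go-git/issues/411 as well as
 // https://github.com/golang/go/issues/29286 for root cause.
-db, err := newKnownHostsDb()
-if err != nil {
-return err
-}
-
-// Note that the knownhost database is used, as it provides additional functionality
-// to handle ssh cert-authorities.
-config.HostKeyAlgorithms = db.HostKeyAlgorithms(hostWithPort)
+config.HostKeyAlgorithms = knownhosts.HostKeyAlgorithms(config.HostKeyCallback, hostWithPort)
 }
 
 overrideConfig(c.config, config)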
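Review bot: The `else if len(config.HostKeyAlgorithms) == 0` branch now passes the caller-supplied `config.HostKeyCallback` to `knownhosts.HostKeyAlgorithms`, and nothing at that line says what happens when the callback was not built from a known_hosts file. As far as I know the library derives the list by probing the callback and reading the known-hosts error it returns, so a custom callback would presumably produce an empty list and leave negotiation on the ssh defaults; a comment such as `// Empty for callbacks not built from known_hosts; ssh then falls back to its default algorithms.` would record that. The revert also removes the comment about `@cert-authority` handling, so I would note beside the first branch that hosts trusted only through a certificate authority are probably not matched after this change, and confirm with a test that this shows up as a failed handshake and not as a skipped check. `connect` begins and ends outside the hunk.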
