From 63c658886436bf1e5ab690522e0e4269962c89b7 Mon Sep 17 00:00:00 2001
From: Artem Nistratov
Date: Wed, 27 Nov 2024 16:06:51 +0300
Subject: [PATCH 1/3] use proxy.Dial instead of net.Dial for ScanHostKey

ssh.Dial uses net.DialTimeout under the hood and there is no possibility to use a proxy when running command like `flux create source git` so we use almost all internal implementation of ssh.Dial except net.DialTimeout is replaced with proxy.Dial like it is done in go-git

Signed-off-by: Artem Nistratov
---
 ssh/go.mod | 2 +-
 ssh/host_key.go | 18 +++++++++++++++---
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/ssh/go.mod b/ssh/go.mod
index a9f24343d..a98fce32c 100644
--- a/ssh/go.mod
+++ b/ssh/go.mod
@@ -5,11 +5,11 @@ go 1.22.0
 require (
 	github.com/onsi/gomega v1.34.2
 	golang.org/x/crypto v0.27.0
+	golang.org/x/net v0.29.0
 )
 
 require (
 	github.com/google/go-cmp v0.6.0 // indirect
-	golang.org/x/net v0.29.0 // indirect
 	golang.org/x/sys v0.25.0 // indirect
 	golang.org/x/text v0.18.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/ssh/host_key.go b/ssh/host_key.go
index e3b2e8d34..cde1be88b 100644
--- a/ssh/host_key.go
+++ b/ssh/host_key.go
@@ -17,6 +17,7 @@ limitations under the License.
 package ssh
 
 import (
+	"context"
 	"encoding/base64"
 	"fmt"
 	"net"
@@ -24,6 +25,7 @@ import (
 
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/crypto/ssh/knownhosts"
+	"golang.org/x/net/proxy"
 )
 
 // ScanHostKey collects the given host's preferred public key for the
@@ -45,10 +47,20 @@ func ScanHostKey(host string, timeout time.Duration, clientHostKeyAlgos []string
 		config.HostKeyAlgorithms = clientHostKeyAlgos
 	}
 
-	client, err := ssh.Dial("tcp", host, config)
-	if err == nil {
-		defer client.Close()
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+	// support for ALL_PROXY ENV varaible
+	conn, err := proxy.Dial(ctx, "tcp", host)
+	if err != nil {
+		return nil, err
 	}
+	c, chans, reqs, err := ssh.NewClientConn(conn, host, config)
+	if err != nil {
+		return nil, err
+	}
+	client := ssh.NewClient(c, chans, reqs)
+	defer client.Close()
+
 	if len(col.knownKeys) > 0 {
 		return col.knownKeys, nil
 	}

From ddb3fd81065a8b1b17510632c8c43f53ed36b4bf Mon Sep 17 00:00:00 2001
From: Artem Nistratov
Date: Wed, 27 Nov 2024 19:19:24 +0300
Subject: [PATCH 2/3] imitate ssh.Dial func for simplicity

previously ScanHostKey ignored any SSH/network errors in case it managed to get host keys to make it more obvious we imitate `ssh.Dial` with `sshDial` func

Signed-off-by: Artem Nistratov
---
 ssh/host_key.go | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/ssh/host_key.go b/ssh/host_key.go
index cde1be88b..e603d1680 100644
--- a/ssh/host_key.go
+++ b/ssh/host_key.go
@@ -47,24 +47,31 @@ func ScanHostKey(host string, timeout time.Duration, clientHostKeyAlgos []string
 		config.HostKeyAlgorithms = clientHostKeyAlgos
 	}
 
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	err := sshDial(host, config)
+
+	if len(col.knownKeys) > 0 {
+		return col.knownKeys, nil
+	}
+
+	return col.knownKeys, err
+}
+
+func sshDial(host string, config *ssh.ClientConfig) error {
+	ctx, cancel := context.WithTimeout(context.Background(), config.Timeout)
 	defer cancel()
-	// support for ALL_PROXY ENV varaible
+	// this reads the ALL_PROXY environment varaible
 	conn, err := proxy.Dial(ctx, "tcp", host)
 	if err != nil {
-		return nil, err
+		return err
 	}
 	c, chans, reqs, err := ssh.NewClientConn(conn, host, config)
 	if err != nil {
-		return nil, err
+		return err
 	}
 	client := ssh.NewClient(c, chans, reqs)
 	defer client.Close()
 
-	if len(col.knownKeys) > 0 {
-		return col.knownKeys, nil
-	}
-	return col.knownKeys, err
+	return nil
 }
 
 // HostKeyCollector offers a StoreKey method which provides an

From 2be5563d531b79a254192fe125477f2834aea3f9 Mon Sep 17 00:00:00 2001
From: Artem Nistratov
Date: Mon, 27 Jan 2025 15:56:26 +0300
Subject: [PATCH 3/3] fix formatting after conflict resolve

Signed-off-by: Artem Nistratov
---
 ssh/go.mod | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ssh/go.mod b/ssh/go.mod
index 2d0948b91..8bf004089 100644
--- a/ssh/go.mod
+++ b/ssh/go.mod
@@ -3,8 +3,8 @@ module github.com/fluxcd/pkg/ssh
 go 1.23.0
 
 require (
- github.com/onsi/gomega v1.36.1
- golang.org/x/crypto v0.31.0
+	github.com/onsi/gomega v1.36.1
+	golang.org/x/crypto v0.31.0
 	golang.org/x/net v0.32.0
 )
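Review bot: `context.WithTimeout(context.Background(), config.Timeout)` at the top of the new `sshDial` turns a zero `config.Timeout` into an already-expired context, so `proxy.Dial` fails at once with a deadline error, whereas the `ssh.Dial`/`net.DialTimeout` path it replaces treated zero as "no timeout"; derive a deadline only when the timeout is positive, as in the excerpt below. The comment on the dial line should also say what the proxy step means for the scan: `proxy.Dial` uses `proxy.FromEnvironment`, so ALL_PROXY/NO_PROXY choose the dialer and the scan target's host:port is handed to whatever proxy those variables name, with a direct dial when they are unset (and the typo `varaible` should be fixed). The timeout still bounds only the TCP/proxy dial, not the SSH handshake inside `ssh.NewClientConn`; `ssh.Dial` had the same gap, but with the raw `net.Conn` now in hand a `conn.SetDeadline` before the handshake closes it, and no reset is needed because the client is closed right after the handshake. `ScanHostKey` begins outside the hunk.
```go
func sshDial(host string, config *ssh.ClientConfig) error {
	// proxy.Dial picks the dialer from ALL_PROXY/NO_PROXY (proxy.FromEnvironment): the target
	// host:port is handed to whichever proxy those variables name; unset means a direct dial.
	// A zero Timeout keeps the ssh.Dial/net.DialTimeout meaning of "no timeout".
	ctx := context.Background()
	if config.Timeout > 0 {
		var cancel context.CancelFunc
		ctx, cancel = context.WithTimeout(ctx, config.Timeout)
		defer cancel()
	}
	conn, err := proxy.Dial(ctx, "tcp", host)
	// … unchanged: err check …
	if config.Timeout > 0 {
		// Bound the handshake as well; the client is closed right after it, so no reset is needed.
		_ = conn.SetDeadline(time.Now().Add(config.Timeout))
	}
	// … unchanged: ssh.NewClientConn, ssh.NewClient, deferred client.Close, return nil …
```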