From 4e3e62923b84a3101c215b7b32f0016a2f75554c Mon Sep 17 00:00:00 2001
From: Paulo Gomes
Date: Fri, 6 May 2022 17:58:09 +0100
Subject: [PATCH] git: Add git.HostKeyAlgos

Enables the setting of HostKey algorithms to be used from a client perspective. This implementation supports go-git and libgit2 when in ManagedTransport.

Signed-off-by: Paulo Gomes
---
 pkg/git/gogit/transport.go | 4 ++++
 pkg/git/libgit2/managed/ssh.go | 3 +++
 pkg/git/options.go | 7 ++++++-
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/pkg/git/gogit/transport.go b/pkg/git/gogit/transport.go
index 6be46b0c..977e8f7f 100644
--- a/pkg/git/gogit/transport.go
+++ b/pkg/git/gogit/transport.go
@@ -103,5 +103,9 @@ func (a *CustomPublicKeys) ClientConfig() (*gossh.ClientConfig, error) {
 if len(git.KexAlgos) > 0 {
 config.Config.KeyExchanges = git.KexAlgos
 }
+ if len(git.HostKeyAlgos) > 0 {
+ config.HostKeyAlgorithms = git.HostKeyAlgos
+ }
+
 return config, nil
 }
diff --git a/pkg/git/libgit2/managed/ssh.go b/pkg/git/libgit2/managed/ssh.go
index a36ac166..d506ee42 100644
--- a/pkg/git/libgit2/managed/ssh.go
+++ b/pkg/git/libgit2/managed/ssh.go
@@ -421,6 +421,9 @@ func cacheKeyAndConfig(remoteAddress string, cred *git2go.Credential) (string, *
 if len(git.KexAlgos) > 0 {
 cfg.Config.KeyExchanges = git.KexAlgos
 }
+ if len(git.HostKeyAlgos) > 0 {
+ cfg.HostKeyAlgorithms = git.HostKeyAlgos
+ }
 
 return ck, cfg, nil
 }
diff --git a/pkg/git/options.go b/pkg/git/options.go
index 3d8a9261..71ecbe98 100644
--- a/pkg/git/options.go
+++ b/pkg/git/options.go
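Review bot: `config.HostKeyAlgorithms = git.HostKeyAlgos` in ClientConfig passes the package-level slice straight into the SSH client config, so every config built this way shares one backing array with the mutable global and nothing checks the entries. Because this list decides which host key types the client will accept, a misspelt or unsupported name should be rejected where the option is set; as written it would presumably only surface as a handshake failure at connect time. Copying at the assignment, `config.HostKeyAlgorithms = append([]string(nil), git.HostKeyAlgos...)`, removes the aliasing. The assignment added to cacheKeyAndConfig in pkg/git/libgit2/managed/ssh.go has the same issue, and both function bodies begin outside their hunks.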
@@ -70,9 +70,14 @@ type AuthOptions struct {
 CAFile []byte
 }
 
-// List of custom key exchange algorithms to be used for ssh connections.
+// KexAlgos hosts the key exchange algorithms to be used for ssh connections.
+// If empty, golang's default is used instead.
 var KexAlgos []string
 
+// HostKeyAlgos holds the HostKey algorithms that the ssh client will advertise
+// to the server. If empty, golang's default is used instead.
+var HostKeyAlgos []string
+
 // Validate the AuthOptions against the defined Transport.
 func (o AuthOptions) Validate() error {
 switch o.Transport {
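Review bot: The new doc comment on `HostKeyAlgos` says the client will "advertise" these algorithms, which undersells the effect. The other two files assign the value to the ssh config's `HostKeyAlgorithms`, so it is the ordered set of host key types the client accepts, and a host pinned in known_hosts with a key type outside the list would presumably stop verifying. I would word it as `// HostKeyAlgos lists, in order of preference, the host key algorithms the ssh client accepts from the server.` and add `// Set it once at startup, before any connection is made; the visible reads take no lock.` The comment on `KexAlgos` also reads "hosts" where "holds" seems intended.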