git: Add git.HostKeyAlgos

Enables the setting of HostKey algorithms to be used from a client perspective. This implementation supports go-git and libgit2 when in ManagedTransport. Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
2022-05-06 17:58:09 +01:00 · 2022-05-06 17:58:09 +01:00 · 4e3e62923b
parent d425923a54
commit 4e3e62923b
3 changed files with 13 additions and 1 deletions
--- a/pkg/git/gogit/transport.go
+++ b/pkg/git/gogit/transport.go
@ -103,5 +103,9 @@ func (a *CustomPublicKeys) ClientConfig() (*gossh.ClientConfig, error) {
 	if len(git.KexAlgos) > 0 {
 		config.Config.KeyExchanges = git.KexAlgos
 	}
+	if len(git.HostKeyAlgos) > 0 {
+		config.HostKeyAlgorithms = git.HostKeyAlgos
+	}
+
 	return config, nil
 }
--- a/pkg/git/libgit2/managed/ssh.go
+++ b/pkg/git/libgit2/managed/ssh.go
@ -421,6 +421,9 @@ func cacheKeyAndConfig(remoteAddress string, cred *git2go.Credential) (string, *
 	if len(git.KexAlgos) > 0 {
 		cfg.Config.KeyExchanges = git.KexAlgos
 	}
+	if len(git.HostKeyAlgos) > 0 {
+		cfg.HostKeyAlgorithms = git.HostKeyAlgos
+	}

 	return ck, cfg, nil
 }
--- a/pkg/git/options.go
+++ b/pkg/git/options.go
@ -70,9 +70,14 @@ type AuthOptions struct {
 	CAFile     []byte
 }

-// List of custom key exchange algorithms to be used for ssh connections.
+// KexAlgos hosts the key exchange algorithms to be used for ssh connections.
+// If empty, golang's default is used instead.
 var KexAlgos []string

+// HostKeyAlgos holds the HostKey algorithms that the ssh client will advertise
+// to the server. If empty, golang's default is used instead.
+var HostKeyAlgos []string
+
 // Validate the AuthOptions against the defined Transport.
 func (o AuthOptions) Validate() error {
 	switch o.Transport {