(skipHostValidation bool, expectedFingerprint string)
| 361 | } |
| 362 | |
| 363 | func fingerprintCallback(skipHostValidation bool, expectedFingerprint string) ssh.HostKeyCallback { |
| 364 | return func(hostname string, remote net.Addr, key ssh.PublicKey) error { |
| 365 | if skipHostValidation { |
| 366 | return nil |
| 367 | } |
| 368 | |
| 369 | var fingerprint string |
| 370 | |
| 371 | switch len(expectedFingerprint) { |
| 372 | case sha256FingerprintLength: |
| 373 | fingerprint = sha256Fingerprint(key, false) |
| 374 | case base64Sha256FingerprintLength: |
| 375 | fingerprint = sha256Fingerprint(key, true) |
| 376 | case hexSha1FingerprintLength: |
| 377 | fingerprint = hexSha1Fingerprint(key) |
| 378 | case md5FingerprintLength: |
| 379 | fingerprint = md5Fingerprint(key) |
| 380 | case 0: |
| 381 | fingerprint = md5Fingerprint(key) |
| 382 | return fmt.Errorf("Unable to verify identity of host.\n\nThe fingerprint of the received key was %q.", fingerprint) |
| 383 | default: |
| 384 | return errors.New("Unsupported host key fingerprint format") |
| 385 | } |
| 386 | |
| 387 | if fingerprint != expectedFingerprint { |
| 388 | return fmt.Errorf("Host key verification failed.\n\nThe fingerprint of the received key was %q.", fingerprint) |
| 389 | } |
| 390 | return nil |
| 391 | } |
| 392 | } |
| 393 | |
| 394 | func hexSha1Fingerprint(key ssh.PublicKey) string { |
| 395 | sum := sha1.Sum(key.Marshal()) |
no test coverage detected