()
| 155 | } |
| 156 | |
| 157 | func ExampleServerConfig_AddHostKey() { |
| 158 | // Minimal ServerConfig supporting only password authentication. |
| 159 | config := &ssh.ServerConfig{ |
| 160 | PasswordCallback: func(c ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) { |
| 161 | // Should use constant-time compare (or better, salt+hash) in |
| 162 | // a production setting. |
| 163 | if c.User() == "testuser" && string(pass) == "tiger" { |
| 164 | return nil, nil |
| 165 | } |
| 166 | return nil, fmt.Errorf("password rejected for %q", c.User()) |
| 167 | }, |
| 168 | } |
| 169 | |
| 170 | privateBytes, err := os.ReadFile("id_rsa") |
| 171 | if err != nil { |
| 172 | log.Fatal("Failed to load private key: ", err) |
| 173 | } |
| 174 | |
| 175 | private, err := ssh.ParsePrivateKey(privateBytes) |
| 176 | if err != nil { |
| 177 | log.Fatal("Failed to parse private key: ", err) |
| 178 | } |
| 179 | // Restrict host key algorithms to disable ssh-rsa. |
| 180 | signer, err := ssh.NewSignerWithAlgorithms(private.(ssh.AlgorithmSigner), []string{ssh.KeyAlgoRSASHA256, ssh.KeyAlgoRSASHA512}) |
| 181 | if err != nil { |
| 182 | log.Fatal("Failed to create private key with restricted algorithms: ", err) |
| 183 | } |
| 184 | config.AddHostKey(signer) |
| 185 | } |
| 186 | |
| 187 | func ExampleClientConfig_HostKeyCallback() { |
| 188 | // Every client must provide a host key check. Here is a |
nothing calls this directly
no test coverage detected
searching dependent graphs…