英文:
How do you work with StrictHostKeyChecking using go.crypto/ssh package in Go?
问题
到目前为止,使用Go中的ssh包,我已经能够创建一种客户端,可以允许两种形式的身份验证。用户可以输入密码,或者使用密钥进行身份验证。这个功能很好,但是StrictHostKeyChecking可能会引起问题。通常情况下,第一次SSH到远程主机时,会提示用户关于主机授权的消息。
在Go中,有没有办法向用户提供yes / no的提示,或者完全禁用StrictHostKeyChecking?
英文:
So far with the ssh package in go I have been able to create some sort of client that will allow two forms of authentication. Either the user inputs a password or it will use keys to authenticate. This works great, however StrictHostKeyChecking may be causing an issue. Normally the first time you would SSH into a remote you'll be prompted with a message asking about the host authorization.
Is there anyway in Go to provide the user with that yes / no prompt or to disable StrictHostKeyChecking altogether?
答案1
得分: 3
他们不会为您实现这个功能,但是您可以在传递给Dial的ClientConfig结构中提供HostKeyCallback。您提供的函数应该根据某个已知列表验证主机名和主机密钥,并在不匹配时提示用户。文档中指出,默认情况下接受所有主机密钥,这类似于在ssh客户端配置中设置StrictHostKeyChecking no。
英文:
They don't implement this for you, but you could provide HostKeyCallback in the ClientConfig struct passed to Dial. The function you provide should validate the hostname and host key against some known list and prompt the user if it doesn't match. The documentation says that the default is to accept all host keys, which is like setting StrictHostKeyChecking no in the ssh client config.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论