Update dependencies to the latest. Fix tests
+ autogend readme
let clients match against specific key types
import "suah.dev/hostkeydns"
Package hostkeydns facilitates verifying remote ssh keys using DNS and SSHFP resource records.
func CheckDNSSecHostKey(dr DNSSecResolvers) ssh.HostKeyCallback
CheckDNSSecHostKey checks a host key against DNSSEC SSHFP records.
package main
import (
	"log"

	"golang.org/x/crypto/ssh"
	"suah.dev/hostkeydns"
)
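func main() {
	// Resolver used to fetch the SSHFP records for the host being dialed.
	// This example queries a public resolver over plain TCP; "tcp-tls" and
	// "udp" are the other values DNSSecResolvers accepts for Net.
	dnsConf := hostkeydns.DNSSecResolvers{
		Servers: []string{
			"8.8.8.8",
		},
		Port: "53",
		Net:  "tcp",
	}
	// Host key verification is delegated entirely to the DNSSEC/SSHFP lookup.
	// A working client would additionally set User and Auth on the config.
	config := &ssh.ClientConfig{
		HostKeyCallback: hostkeydns.CheckDNSSecHostKey(dnsConf),
	}
	// Report the dial error instead of discarding it: a host key the callback
	// rejects aborts the handshake, and that rejection is returned through
	// this error, so dropping it hides the very check the example demonstrates.
	client, err := ssh.Dial("tcp", "github.com:22", config)
	if err != nil {
		log.Fatalf("dialing github.com:22: %v", err)
	}
	defer client.Close()
}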
func CheckDNSSecHostKeyEZ(res string) ssh.HostKeyCallback
CheckDNSSecHostKeyEZ checks a host key against DNSSEC SSHFP records using preconfigured name servers. Options are:
- "quad9": https://www.quad9.net/.
- "google": Google's public name servers.
- "system": Use the system resolver (*nix only at the moment).
package main
import (
"golang.org/x/crypto/ssh"
"suah.dev/hostkeydns"
)
func main() {
	// Preconfigured "quad9" name servers; the callback checks the presented
	// host key against DNSSEC SSHFP records.
	verify := hostkeydns.CheckDNSSecHostKeyEZ("quad9")
	// The example deliberately drops both the client and the error. In real
	// code the error must be handled: a rejected host key surfaces here.
	_, _ = ssh.Dial("tcp", "github.com:22", &ssh.ClientConfig{HostKeyCallback: verify})
}
DNSSecResolvers exposes configuration options for resolving hostnames using DNSSEC. Success will be called when a key matching an SSHFP record is found. Net can be one of "tcp", "tcp-tls" or "udp".
If set, HostKeyAlgorithms restricts matching to _only_ the algorithms listed. The format of the strings matches that of OpenSSH ("ssh-ed25519" for example).
type DNSSecResolvers struct {
	// Servers lists the name servers to query for SSHFP records; the package
	// example passes IP addresses such as "8.8.8.8".
	Servers []string
	// Port is the resolver port, given as a string ("53" in the package example).
	Port string
	// Net selects the transport to the resolver: "tcp", "tcp-tls" or "udp".
	// NOTE(review): only "tcp-tls" protects the path to the resolver itself;
	// how answers are DNSSEC-validated (locally, or by trusting the resolver's
	// answer) is not visible here — confirm before relying on a remote
	// resolver over plain tcp/udp.
	Net string
	// Success is called with the key that matched an SSHFP record.
	// NOTE(review): whether a nil Success is tolerated is not shown here.
	Success func(key ssh.PublicKey)
	// HostKeyAlgorithms, if set, restricts matching to only the listed
	// algorithms, named as OpenSSH does ("ssh-ed25519" for example).
	HostKeyAlgorithms []string
}
Generated by gomarkdoc