authorHan-Wen Nienhuys <hanwen@google.com>2013-06-21 12:46:35 -0400
committerAdam Langley <agl@golang.org>2013-06-21 12:46:35 -0400
commitafdc305bc8582a7ba5d9ea2c622ce9927a92050a (patch)
tree43bf856358cb1c757d3e650ea8d74a1b8025e0c8 /ssh/client_auth.go
parentb88b0165229e30fa2f41d4cdfa5ac2b6e282917d (diff)
go.crypto/ssh: add hook for host key checking.
R=dave, agl CC=gobot, golang-dev https://golang.org/cl/9922043
Diffstat (limited to 'ssh/client_auth.go')
-rw-r--r--ssh/client_auth.go12
1 files changed, 12 insertions, 0 deletions
diff --git a/ssh/client_auth.go b/ssh/client_auth.go
index ebb74a2..5282415 100644
--- a/ssh/client_auth.go
+++ b/ssh/client_auth.go
@@ -8,6 +8,7 @@ import (
"errors"
"fmt"
"io"
+ "net"
)
// authenticate authenticates with the remote server. See RFC 4252.
@@ -63,6 +64,17 @@ func keys(m map[string]bool) (s []string) {
return
}
+// HostKeyChecker represents a database of known server host keys.
+type HostKeyChecker interface {
+ // Check is called during the handshake to check server's
+ // public key for unexpected changes. The hostKey argument is
+ // in SSH wire format. It can be parsed using
+ // ssh.ParsePublicKey. The address before DNS resolution is
+ // passed in the addr argument, so the key can also be checked
+ // against the hostname.
+ Check(addr string, remote net.Addr, algorithm string, hostKey []byte) error
+}
+
// A ClientAuth represents an instance of an RFC 4252 authentication method.
type ClientAuth interface {
// auth authenticates user over transport t.
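Review bot: The doc comment on `Check` in the added `HostKeyChecker` interface never states what the return value means, and it leaves the `algorithm` and `remote` arguments undescribed. This method is the trust decision for the server's identity, so the contract should be explicit, for example `// A nil return accepts the host key; a non-nil error rejects it and the handshake must fail.` A further line should say that `algorithm` is the host key algorithm name and `remote` is the peer address after resolution. The code that calls `Check` is not part of this file's diff, so it is not visible here what happens when no checker is configured. If the handshake then proceeds with no host key verification, the comment should say so, so that callers know they must supply a checker to detect a substituted server key.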