x/crypto/ssh: error from ssh.HostKeyCallback is not wrapped during handshake #61309
Comments
When an error is returned by a user-defined host key callback, it is now possible to handle it using standard Go mechanisms such as errors.Is or errors.As. Fixes golang/go#61309
Change https://go.dev/cl/508876 mentions this issue:
cc @FiloSottile @golang/security
Hello, this is a good addition but I would like to see something more generic. For example, I'm exposing ErrNoCommonAlgo in my branch. Tailscale exposes other errors in their branch and so on. I think we should expose an error struct with an error code or something similar so that we can let users easily identify the various types of errors. Obviously this struct should support errors.Is/As.
Having a dedicated ssh error struct would be very valuable, agreed!
What version of Go are you using (go version)?
Does this issue reproduce with the latest release?
Yes.
Root cause
https://github.com/golang/crypto/blob/2e82bdd17/ssh/client.go#L85
It does not wrap the causing err using %w.
What did you do?
In my program, there is a mechanism that, for a given host, maintains []ssh.PublicKey with known host keys.
With this slice in hand, we proceed to call ssh.NewClientConn with:
During ssh handshake if the host key doesn't match any keys from that slice, we get an error:
The "unknown host key: ..." part comes from function validateHostKeys:
What did you expect to see?
In my host validation error handler, I am using:
... and expect it to return true when such error indeed arises.
What did you see instead?
It returns false.