ssh-keyscan functionality with crypto/ssh package?


Pierre

Aug 13, 2015, 2:52:33 PM
to golang-nuts
Hello Gophers,

Disclaimer: I'm not a software developer.

I'm new to Go and I'm working on a pet project using the crypto/ssh package (client side). As part of this project, I'd like to retrieve the remote SSH server information (version, keys) like the ssh-keyscan binary does. So far my research brought me 0 results so I'm starting to think either no one is interested in this or this is not possible.

So my question is: is it possible to retrieve this information with the current crypto/ssh package, maybe by adding some methods to the existing code? Or do you guys think it's not worth the hassle and I'd better execute the ssh-keyscan within my Go code and move on?

Thanks for your feedback!

Cheers,

Pierre

Matt Harden

Aug 13, 2015, 3:44:36 PM
to Pierre, golang-nuts
With golang.org/x/crypto/ssh, I believe you could create an ssh.ClientConfig with HostKeyCallback set to a function which just records the hostname, address and public key, and then call ssh.Dial() for each host/ip you want to scan, with that ClientConfig. Just Close() each successful connection immediately. This should provide equivalent functionality to ssh-keyscan. You could even run more than one of these in parallel with goroutines and complete it faster than ssh-keyscan.


Pierre

Aug 13, 2015, 6:10:44 PM
to golang-nuts
Hello Matt,

Thanks for the hint. I'll definitely check this option and try to find some examples if possible, since this is the way I've learned Go so far!

Cheers,

Pierre

Pierre

Aug 22, 2015, 5:46:41 PM
to golang-nuts
So I managed to retrieve the remote server SSH key using the HostKeyCallback Matt suggested but I can't seem to find any way to retrieve the remote server's SSH version. Looking at the source of the ssh package, I've seen this information is gathered in the clientHandshake function but I haven't seen any exposed method I could use ...

So I assume it would be necessary to modify the crypto/ssh source to get that information?

Cheers,

Pierre

Matt Harden

Aug 22, 2015, 6:24:19 PM
to Pierre, golang-nuts
You could make an additional connection and grab the first line of data from the server. That starts with ssh-2.0- if it's a 2.0 server. https://tools.ietf.org/html/rfc4253#section-4.2


Matt Harden

Aug 22, 2015, 6:34:41 PM
to Pierre, golang-nuts
You can also look at conn.ServerVersion().

Pierre

Aug 31, 2015, 4:27:04 PM
to golang-nuts, pmdes...@gmail.com
Hello Matt,

Thanks for the tip! The ServerVersion() method indeed returns the information :) 

This said, from my "basic" understanding (remember I'm not a developer) this method is only available once the connection is established and this implies that the authentication is done with the SSH Server. Can someone confirm?

Cheers,

Pierre

Matt Harden

Aug 31, 2015, 9:04:14 PM
to Pierre, golang-nuts
That's true. There doesn't appear to be a way for a client to get access to the ssh.Conn value before a successful authentication.


shubhendu...@gmail.com

Sep 9, 2015, 8:27:19 AM
to golang-nuts

Dear Pierre,

I am in similar need. Can you please share the code snippet for the same. I tried but ran into a panic.

Regards,
Shubhendu

Giulio Iotti

Sep 10, 2015, 3:35:48 AM
to golang-nuts, shubhendu...@gmail.com
On Wednesday, September 9, 2015 at 2:27:19 PM UTC+2, shubhendu...@gmail.com wrote:
Dear Pierre,

I am in similar need. Can you please share the code snippet for the same. I tried but ran into a panic.

Regards,
Shubhendu

Which panic? Which code?

-- 
Giulio Iotti 

Pierre

Sep 12, 2015, 7:57:02 AM
to golang-nuts, shubhendu...@gmail.com
Hello Shubhendu,

I've posted the code on the playground: http://play.golang.org/p/Lm1FNTnLws

Beware that this is very simplified without proper error handling. As for the SSH version information, I haven't found a way to retrieve it without establishing the connection (with user/password/key) like ssh-keyscan does. I think some additional methods should be implemented in the crypto/ssh to have the possibility to do so but then again, I'm not a developer and am starting to learn Go.

Hope that helps anyway.

Cheers,

Pierre

Matt Harden

Sep 12, 2015, 11:25:55 AM
to Pierre, golang-nuts, shubhendu...@gmail.com
You can easily get the version string by connecting and just reading the first (unencrypted) line of data. It's simpler to do this with an additional connection. See this example (warning: untested): http://play.golang.org/p/sKMCZju0os.
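
The banner read described in the post above, as an added example (it is not the linked playground code and not written by anyone in this thread). RFC 4253 section 4.2 allows a server to send other lines before its identification string, so this version skips them and bounds both line length and line count. The function names, the 32-line cap and the loopback address in `main` are assumptions of this example.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"net"
	"strings"
	"time"
)

// RFC 4253 section 4.2 caps the identification line at 255 bytes including
// CR LF. maxPreLines is this example's own limit, not a value from the RFC.
const (
	maxLineLen  = 255
	maxPreLines = 32
)

// readServerVersion returns the first line starting with "SSH-", skipping
// any lines the server sends before its identification string.
func readServerVersion(r io.Reader) (string, error) {
	br := bufio.NewReaderSize(r, maxLineLen)
	for i := 0; i <= maxPreLines; i++ {
		line, err := br.ReadSlice('\n')
		if err != nil { // bufio.ErrBufferFull means a line over 255 bytes
			return "", fmt.Errorf("reading banner: %w", err)
		}
		if s := strings.TrimRight(string(line), "\r\n"); strings.HasPrefix(s, "SSH-") {
			return s, nil
		}
	}
	return "", errors.New("no SSH identification string received")
}

// scanVersion reads only the cleartext banner; no key exchange, no login.
func scanVersion(addr string, timeout time.Duration) (string, error) {
	conn, err := net.DialTimeout("tcp", addr, timeout)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(timeout)) // a silent peer cannot stall the scan
	return readServerVersion(conn)
}

func main() {
	fmt.Println(scanVersion("127.0.0.1:22", 3*time.Second)) // constructed target
}
```

Because the read stops at the identification line, no authentication is attempted and the result is whatever the peer chooses to announce, so treat it as an unauthenticated hint for inventory rather than a verified fact.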

Pierre

Sep 12, 2015, 6:22:14 PM
to golang-nuts, shubhendu...@gmail.com
Thanks Matt for your help. It did work well for me.

Cheers,

Pierre