use proxy.Dial instead of net.Dial for ScanHostKey

ssh.Dial uses net.DialTimeout under the hood and there is no possibility to use a proxy when running command like `flux create source git` so we use almost all internal implementation of ssh.Dial except net.DialTimeout is replaced with proxy.Dial like it is done in go-git Signed-off-by: Artem Nistratov <[email protected]>
fluxcd · Nov 27, 2024 · 63c6588 · 63c6588
1 parent aa0e9ce
commit 63c6588
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 4 deletions.
diff --git a/ssh/go.mod b/ssh/go.mod
@@ -5,11 +5,11 @@ go 1.22.0
 require (
 	github.com/onsi/gomega v1.34.2
 	golang.org/x/crypto v0.27.0
+	golang.org/x/net v0.29.0
 )
 
 require (
 	github.com/google/go-cmp v0.6.0 // indirect
-	golang.org/x/net v0.29.0 // indirect
 	golang.org/x/sys v0.25.0 // indirect
 	golang.org/x/text v0.18.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

diff --git a/ssh/host_key.go b/ssh/host_key.go
@@ -17,13 +17,15 @@ limitations under the License.
 package ssh
 
 import (
+	"context"
 	"encoding/base64"
 	"fmt"
 	"net"
 	"time"
 
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/crypto/ssh/knownhosts"
+	"golang.org/x/net/proxy"
 )
 
 // ScanHostKey collects the given host's preferred public key for the
@@ -45,10 +47,20 @@ func ScanHostKey(host string, timeout time.Duration, clientHostKeyAlgos []string
 		config.HostKeyAlgorithms = clientHostKeyAlgos
 	}
 
-	client, err := ssh.Dial("tcp", host, config)
-	if err == nil {
-		defer client.Close()
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+	// support for ALL_PROXY ENV varaible
+	conn, err := proxy.Dial(ctx, "tcp", host)
+	if err != nil {
+		return nil, err
 	}
+	c, chans, reqs, err := ssh.NewClientConn(conn, host, config)
+	if err != nil {
+		return nil, err
+	}
+	client := ssh.NewClient(c, chans, reqs)
+	defer client.Close()
+
 	if len(col.knownKeys) > 0 {
 		return col.knownKeys, nil
 	}