-
Notifications
You must be signed in to change notification settings - Fork 94
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document lack of host Key validation #2
Comments
Yup fair point. I honestly didn't expect anyone to actually use this... |
Forgive me, I'm not familiar with this library. What is one expected to do in this callback? |
So you're expected to check if the You can use a library like https://pkg.go.dev/golang.org/x/crypto/ssh/knownhosts or https://pkg.go.dev/github.com/skeema/knownhosts for making that easier. |
You both are too kind! 🙂 I understand how critical this is now after some research. Let me know if you're keen, I'll assign you then... |
I'm more than happy to check it over if you want another set of eyes. |
Here we go - #9 |
Will get round to this later! |
No rush! |
I noticed you do not perform host key validation. Maybe this should be made more obvious to users without having to dig through the source?
sidekick/utils/utils.go
Lines 77 to 80 in b99b61b
The text was updated successfully, but these errors were encountered: