support Fingerprint

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2025-05-09 18:23:21 +08:00 · 2020-05-19 13:31:04 +08:00 · 2020-05-19 13:31:04 +08:00 · 673b03852b
commit 673b03852b
parent 923defc397
3 changed files with 65 additions and 27 deletions
--- a/main.go
+++ b/main.go
@ -65,6 +65,11 @@ func main() {
 			EnvVar: "PLUGIN_CIPHERS,SSH_CIPHERS,CIPHERS,INPUT_CIPHERS",
 			Value:  &defaultCiphers,
 		},
+		cli.StringFlag{
+			Name:   "fingerprint",
+			Usage:  "fingerprint as unpadded base64 encoded sha256 hash.",
+			EnvVar: "PLUGIN_FINGERPRINT,SSH_FINGERPRINT,FINGERPRINT,INPUT_FINGERPRINT",
+		},
 		cli.StringSliceFlag{
 			Name:     "host,H",
 			Usage:    "connect to host",
@ -157,6 +162,11 @@ func main() {
 			EnvVar: "PLUGIN_PROXY_CIPHERS,SSH_PROXY_CIPHERS,PROXY_CIPHERS,INPUT_PROXY_CIPHERS",
 			Value:  &defaultCiphers,
 		},
+		cli.StringFlag{
+			Name:   "proxy.fingerprint",
+			Usage:  "fingerprint as unpadded base64 encoded sha256 hash.",
+			EnvVar: "PLUGIN_PROXY_FINGERPRINT,SSH_PROXY_FINGERPRINT,PROXY_FINGERPRINT,INPUT_PROXY_FINGERPRINT",
+		},
 		cli.StringSliceFlag{
 			Name:   "envs",
 			Usage:  "pass environment variable to shell script",
@ -219,6 +229,7 @@ func run(c *cli.Context) error {
 			Username:       c.String("user"),
 			Password:       c.String("password"),
 			Passphrase:     c.String("ssh-passphrase"),
+			Fingerprint:    c.String("fingerprint"),
 			Host:           c.StringSlice("host"),
 			Port:           c.Int("port"),
 			Timeout:        c.Duration("timeout"),
@ -230,15 +241,16 @@ func run(c *cli.Context) error {
 			Sync:           c.Bool("sync"),
 			Ciphers:        c.StringSlice("ciphers"),
 			Proxy: easyssh.DefaultConfig{
-				Key:        c.String("proxy.ssh-key"),
-				KeyPath:    c.String("proxy.key-path"),
-				User:       c.String("proxy.username"),
-				Password:   c.String("proxy.password"),
-				Passphrase: c.String("proxy.ssh-passphrase"),
-				Server:     c.String("proxy.host"),
-				Port:       c.String("proxy.port"),
-				Timeout:    c.Duration("proxy.timeout"),
-				Ciphers:    c.StringSlice("proxy.ciphers"),
+				Key:         c.String("proxy.ssh-key"),
+				KeyPath:     c.String("proxy.key-path"),
+				User:        c.String("proxy.username"),
+				Password:    c.String("proxy.password"),
+				Passphrase:  c.String("proxy.ssh-passphrase"),
+				Fingerprint: c.String("proxy.fingerprint"),
+				Server:      c.String("proxy.host"),
+				Port:        c.String("proxy.port"),
+				Timeout:     c.Duration("proxy.timeout"),
+				Ciphers:     c.StringSlice("proxy.ciphers"),
 			},
 		},
 		Writer: os.Stdout,
--- a/plugin.go
+++ b/plugin.go
@ -30,6 +30,7 @@ type (
 		Password       string
 		Host           []string
 		Port           int
+		Fingerprint    string
 		Timeout        time.Duration
 		CommandTimeout time.Duration
 		Script         []string
@ -55,25 +56,27 @@ func escapeArg(arg string) string {
 func (p Plugin) exec(host string, wg *sync.WaitGroup, errChannel chan error) {
 	// Create MakeConfig instance with remote username, server address and path to private key.
 	ssh := &easyssh.MakeConfig{
-		Server:     host,
-		User:       p.Config.Username,
-		Password:   p.Config.Password,
-		Port:       strconv.Itoa(p.Config.Port),
-		Key:        p.Config.Key,
-		KeyPath:    p.Config.KeyPath,
-		Passphrase: p.Config.Passphrase,
-		Timeout:    p.Config.Timeout,
-		Ciphers:    p.Config.Ciphers,
+		Server:      host,
+		User:        p.Config.Username,
+		Password:    p.Config.Password,
+		Port:        strconv.Itoa(p.Config.Port),
+		Key:         p.Config.Key,
+		KeyPath:     p.Config.KeyPath,
+		Passphrase:  p.Config.Passphrase,
+		Timeout:     p.Config.Timeout,
+		Ciphers:     p.Config.Ciphers,
+		Fingerprint: p.Config.Fingerprint,
 		Proxy: easyssh.DefaultConfig{
-			Server:     p.Config.Proxy.Server,
-			User:       p.Config.Proxy.User,
-			Password:   p.Config.Proxy.Password,
-			Port:       p.Config.Proxy.Port,
-			Key:        p.Config.Proxy.Key,
-			KeyPath:    p.Config.Proxy.KeyPath,
-			Passphrase: p.Config.Proxy.Passphrase,
-			Timeout:    p.Config.Proxy.Timeout,
-			Ciphers:    p.Config.Proxy.Ciphers,
+			Server:      p.Config.Proxy.Server,
+			User:        p.Config.Proxy.User,
+			Password:    p.Config.Proxy.Password,
+			Port:        p.Config.Proxy.Port,
+			Key:         p.Config.Proxy.Key,
+			KeyPath:     p.Config.Proxy.KeyPath,
+			Passphrase:  p.Config.Proxy.Passphrase,
+			Timeout:     p.Config.Proxy.Timeout,
+			Ciphers:     p.Config.Proxy.Ciphers,
+			Fingerprint: p.Config.Proxy.Fingerprint,
 		},
 	}

--- a/plugin_test.go
+++ b/plugin_test.go
@ -384,6 +384,29 @@ func TestCommandOutput(t *testing.T) {
 	assert.Equal(t, unindent(expected), unindent(buffer.String()))
 }

+func TestFingerprint(t *testing.T) {
+	var (
+		buffer bytes.Buffer
+	)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:     []string{"localhost"},
+			Username: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Script: []string{
+				"whoami",
+			},
+			Fingerprint: "wrong",
+		},
+		Writer: &buffer,
+	}
+
+	err := plugin.Exec()
+	assert.NotNil(t, err)
+}
+
 func TestScriptStop(t *testing.T) {
 	var (
 		buffer   bytes.Buffer