From cc9b41b6e37fc0a2f8fbb3545748bb4f89697d1d Mon Sep 17 00:00:00 2001 From: tuti Date: Wed, 25 Sep 2024 22:11:22 -0700 Subject: [PATCH] remove using ssh.InsecureIgnoreHostKey --- go.mod | 1 + go.sum | 2 ++ release/internal/command/ssh.go | 28 +++++++++++++++++++++++++++- 3 files changed, 30 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 5a044bd8863..6b5d485218a 100644 --- a/go.mod +++ b/go.mod @@ -69,6 +69,7 @@ require ( github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1 github.com/shirou/gopsutil v0.0.0-20190323131628-2cbc9195c892 github.com/sirupsen/logrus v1.9.3 + github.com/skeema/knownhosts v1.3.0 github.com/slack-go/slack v0.14.0 github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 diff --git a/go.sum b/go.sum index 2617c39b5df..c0657c508f4 100644 --- a/go.sum +++ b/go.sum @@ -685,6 +685,8 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY= +github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M= github.com/slack-go/slack v0.14.0 h1:6c0UTfbRnvRssZUsZ2qe0Iu07VAMPjRqOa6oX8ewF4k= github.com/slack-go/slack v0.14.0/go.mod h1:hlGi5oXA+Gt+yWTPP0plCdRKmjsDxecdHxYQdlMQKOw= github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js= diff --git a/release/internal/command/ssh.go b/release/internal/command/ssh.go index ff98da952ae..0e68506a3a7 100644 --- a/release/internal/command/ssh.go +++ b/release/internal/command/ssh.go @@ -3,10 +3,13 @@ package command import ( "bytes" "fmt" + "net" "os" + "path/filepath" "strings" "github.com/sirupsen/logrus" + "github.com/skeema/knownhosts" "golang.org/x/crypto/ssh" ) 
@@ -59,7 +62,30 @@ func connect(sshConfig *SSHConfig) (*ssh.Session, error) {
 Auth: []ssh.AuthMethod{
 ssh.PublicKeys(signer),
 },
- HostKeyCallback: ssh.InsecureIgnoreHostKey(),
+ // This callback mimics the behavior of ssh -o StrictHostKeyChecking=no
+ HostKeyCallback: ssh.HostKeyCallback(func(host string, remote net.Addr, pubKey ssh.PublicKey) error {
+ knownHostsFilePath := filepath.Join(os.Getenv("HOME"), ".ssh", "known_hosts")
+ k, err := knownhosts.NewDB(knownHostsFilePath)
+ if err != nil {
+ return err
+ }
+ err = k(host, remote, pubKey)
+ if knownhosts.IsHostKeyChanged(err) {
+ return fmt.Errorf("host key changed: %v", err)
+ } else if knownhosts.IsHostUnknown(err) {
+ f, err := os.OpenFile(knownHostsFilePath, os.O_APPEND|os.O_WRONLY, 0o600)
+ if err != nil {
+ return err
+ }
+ defer f.Close()
+ err = knownhosts.WriteKnownHost(f, host, remote, pubKey)
+ if err != nil {
+ return err
+ }
+ return nil
+ }
+ return err
+ }),
 }
 client, err := ssh.Dial("tcp", sshConfig.Address(), config)
 if err != nil {
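Review bot: The comment `// This callback mimics the behavior of ssh -o StrictHostKeyChecking=no` names the wrong OpenSSH mode: `StrictHostKeyChecking=no` still connects (with a warning) when a stored host key has changed, whereas this callback returns `host key changed` in that case and only auto-adds unknown hosts, which is `StrictHostKeyChecking=accept-new`, i.e. trust-on-first-use — I would reword it to `// Mimics ssh -o StrictHostKeyChecking=accept-new: a host not yet in ~/.ssh/known_hosts is trusted and recorded on first contact (so that first connection is unauthenticated); a changed key is rejected.` Only `HostKeyCallback` is set in this hunk; unless `ssh.ClientConfig.HostKeyAlgorithms` is set in the part of the literal above the hunk, a host recorded with one key type (say RSA) that now prefers another (ed25519) will be negotiated with the new type and surface as a changed key, which is precisely the case skeema/knownhosts addresses with `HostKeyAlgorithms(hostWithPort)` on the same DB. As far as I recall, `NewDB` in the pinned v1.3.0 returns a `*HostKeyDB` rather than a callable, so `err = k(host, remote, pubKey)` would need to be `err = k.HostKeyCallback()(host, remote, pubKey)` — please confirm against the vendored API. Finally, `os.OpenFile(..., os.O_APPEND|os.O_WRONLY, 0o600)` does not pass `os.O_CREATE`, and `NewDB` already appears to fail when the file is missing, so an environment with no `~/.ssh/known_hosts` cannot connect at all; either create the file (and `~/.ssh`) up front or document that requirement. `connect` starts and ends outside the hunk.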