Add ability to specify host key (#794)

Community contribution from
#769.

Fixes #755.

Co-authored-by: Fedor Chubukov <[email protected]>

Author: blampe

provider/cmd/pulumi-resource-command/schema.json

@@ -86,6 +86,10 @@
           "type": "string",
           "description": "The address of the resource to connect to."
         },
+        "hostKey": {
+          "type": "string",
+          "description": "The expected host key to verify the server's identity. If not provided, the host key will be ignored."
+        },
         "password": {
           "type": "string",
           "description": "The password we should use for the connection.",
@@ -163,6 +167,10 @@
           "type": "string",
           "description": "The address of the bastion host to connect to."
         },
+        "hostKey": {
+          "type": "string",
+          "description": "The expected host key to verify the server's identity. If not provided, the host key will be ignored."
+        },
         "password": {
           "type": "string",
           "description": "The password we should use for the connection to the bastion host.",

provider/pkg/provider/remote/connection.go

@@ -52,6 +52,7 @@ type connectionBase struct {
 	AgentSocketPath    *string  `pulumi:"agentSocketPath,optional"`
 	DialErrorLimit     *int     `pulumi:"dialErrorLimit,optional"`
 	PerDialTimeout     *int     `pulumi:"perDialTimeout,optional"`
+	HostKey            *string  `pulumi:"hostKey,optional"`
 }
 
 func (c *Connection) Annotate(a infer.Annotator) {
@@ -70,13 +71,28 @@ func (c *Connection) Annotate(a infer.Annotator) {
 	a.SetDefault(&c.DialErrorLimit, dialErrorDefault)
 	a.Describe(&c.PerDialTimeout, "Max number of seconds for each dial attempt. 0 implies no maximum. Default value is 15 seconds.")
 	a.SetDefault(&c.PerDialTimeout, 15)
+	a.Describe(&c.HostKey, "The expected host key to verify the server's identity. If not provided, the host key will be ignored.")
 }
 
 func (con *connectionBase) SShConfig() (*ssh.ClientConfig, error) {
+	var hostKeyCallback ssh.HostKeyCallback
+	var hostKeyAlgorithms []string
+	if con.HostKey != nil {
+		publicKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(*con.HostKey))
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse host key: %w", err)
+		}
+		hostKeyCallback = ssh.FixedHostKey(publicKey)
+		hostKeyAlgorithms = []string{publicKey.Type()}
+	} else {
+		hostKeyCallback = ssh.InsecureIgnoreHostKey()
+	}
+
 	config := &ssh.ClientConfig{
-		User:            *con.User,
-		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
-		Timeout:         time.Second * time.Duration(*con.PerDialTimeout),
+		User:              *con.User,
+		HostKeyCallback:   hostKeyCallback,
+		HostKeyAlgorithms: hostKeyAlgorithms,
+		Timeout:           time.Second * time.Duration(*con.PerDialTimeout),
 	}
 	if con.PrivateKey != nil {
 		var signer ssh.Signer

provider/pkg/provider/remote/proxyConnection.go

@@ -35,4 +35,5 @@ func (c *ProxyConnection) Annotate(a infer.Annotator) {
 	a.SetDefault(&c.DialErrorLimit, dialErrorDefault)
 	a.Describe(&c.PerDialTimeout, "Max number of seconds for each dial attempt. 0 implies no maximum. Default value is 15 seconds.")
 	a.SetDefault(&c.PerDialTimeout, 15)
+	a.Describe(&c.HostKey, "The expected host key to verify the server's identity. If not provided, the host key will be ignored.")
 }

sdk/dotnet/Remote/Inputs/ConnectionArgs.cs

@@ -33,6 +33,12 @@ public sealed class ConnectionArgs : global::Pulumi.ResourceArgs
         [Input("host", required: true)]
         public Input<string> Host { get; set; } = null!;
 
+        /// <summary>
+        /// The expected host key to verify the server's identity. If not provided, the host key will be ignored.
+        /// </summary>
+        [Input("hostKey")]
+        public Input<string>? HostKey { get; set; }
+
         [Input("password")]
         private Input<string>? _password;
 

sdk/dotnet/Remote/Inputs/ProxyConnectionArgs.cs

@@ -33,6 +33,12 @@ public sealed class ProxyConnectionArgs : global::Pulumi.ResourceArgs
         [Input("host", required: true)]
         public Input<string> Host { get; set; } = null!;
 
+        /// <summary>
+        /// The expected host key to verify the server's identity. If not provided, the host key will be ignored.
+        /// </summary>
+        [Input("hostKey")]
+        public Input<string>? HostKey { get; set; }
+
         [Input("password")]
         private Input<string>? _password;
 

sdk/dotnet/Remote/Outputs/Connection.cs

@@ -29,6 +29,10 @@ public sealed class Connection
         /// </summary>
         public readonly string Host;
         /// <summary>
+        /// The expected host key to verify the server's identity. If not provided, the host key will be ignored.
+        /// </summary>
+        public readonly string? HostKey;
+        /// <summary>
         /// The password we should use for the connection.
         /// </summary>
         public readonly string? Password;
@@ -65,6 +69,8 @@ private Connection(
 
             string host,
 
+            string? hostKey,
+
             string? password,
 
             int? perDialTimeout,
@@ -82,6 +88,7 @@ private Connection(
             AgentSocketPath = agentSocketPath;
             DialErrorLimit = dialErrorLimit;
             Host = host;
+            HostKey = hostKey;
             Password = password;
             PerDialTimeout = perDialTimeout;
             Port = port;

sdk/dotnet/Remote/Outputs/ProxyConnection.cs

@@ -29,6 +29,10 @@ public sealed class ProxyConnection
         /// </summary>
         public readonly string Host;
         /// <summary>
+        /// The expected host key to verify the server's identity. If not provided, the host key will be ignored.
+        /// </summary>
+        public readonly string? HostKey;
+        /// <summary>
         /// The password we should use for the connection to the bastion host.
         /// </summary>
         public readonly string? Password;
@@ -61,6 +65,8 @@ private ProxyConnection(
 
             string host,
 
+            string? hostKey,
+
             string? password,
 
             int? perDialTimeout,
@@ -76,6 +82,7 @@ private ProxyConnection(
             AgentSocketPath = agentSocketPath;
             DialErrorLimit = dialErrorLimit;
             Host = host;
+            HostKey = hostKey;
             Password = password;
             PerDialTimeout = perDialTimeout;
             Port = port;

sdk/go/command/remote/pulumiTypes.go

@@ -69,6 +69,21 @@ public Output<String> host() {
         return this.host;
     }
 
+    /**
+     * The expected host key to verify the server&#39;s identity. If not provided, the host key will be ignored.
+     * 
+     */
+    @Import(name="hostKey")
+    private @Nullable Output<String> hostKey;
+
+    /**
+     * @return The expected host key to verify the server&#39;s identity. If not provided, the host key will be ignored.
+     * 
+     */
+    public Optional<Output<String>> hostKey() {
+        return Optional.ofNullable(this.hostKey);
+    }
+
     /**
      * The password we should use for the connection.
      * 
@@ -180,6 +195,7 @@ private ConnectionArgs(ConnectionArgs $) {
         this.agentSocketPath = $.agentSocketPath;
         this.dialErrorLimit = $.dialErrorLimit;
         this.host = $.host;
+        this.hostKey = $.hostKey;
         this.password = $.password;
         this.perDialTimeout = $.perDialTimeout;
         this.port = $.port;
@@ -270,6 +286,27 @@ public Builder host(String host) {
             return host(Output.of(host));
         }
 
+        /**
+         * @param hostKey The expected host key to verify the server&#39;s identity. If not provided, the host key will be ignored.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder hostKey(@Nullable Output<String> hostKey) {
+            $.hostKey = hostKey;
+            return this;
+        }
+
+        /**
+         * @param hostKey The expected host key to verify the server&#39;s identity. If not provided, the host key will be ignored.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder hostKey(String hostKey) {
+            return hostKey(Output.of(hostKey));
+        }
+
         /**
          * @param password The password we should use for the connection.
          * 

sdk/java/src/main/java/com/pulumi/command/remote/inputs/ConnectionArgs.java

@@ -68,6 +68,21 @@ public Output<String> host() {
         return this.host;
     }
 
+    /**
+     * The expected host key to verify the server&#39;s identity. If not provided, the host key will be ignored.
+     * 
+     */
+    @Import(name="hostKey")
+    private @Nullable Output<String> hostKey;
+
+    /**
+     * @return The expected host key to verify the server&#39;s identity. If not provided, the host key will be ignored.
+     * 
+     */
+    public Optional<Output<String>> hostKey() {
+        return Optional.ofNullable(this.hostKey);
+    }
+
     /**
      * The password we should use for the connection to the bastion host.
      * 
@@ -164,6 +179,7 @@ private ProxyConnectionArgs(ProxyConnectionArgs $) {
         this.agentSocketPath = $.agentSocketPath;
         this.dialErrorLimit = $.dialErrorLimit;
         this.host = $.host;
+        this.hostKey = $.hostKey;
         this.password = $.password;
         this.perDialTimeout = $.perDialTimeout;
         this.port = $.port;
@@ -253,6 +269,27 @@ public Builder host(String host) {
             return host(Output.of(host));
         }
 
+        /**
+         * @param hostKey The expected host key to verify the server&#39;s identity. If not provided, the host key will be ignored.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder hostKey(@Nullable Output<String> hostKey) {
+            $.hostKey = hostKey;
+            return this;
+        }
+
+        /**
+         * @param hostKey The expected host key to verify the server&#39;s identity. If not provided, the host key will be ignored.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder hostKey(String hostKey) {
+            return hostKey(Output.of(hostKey));
+        }
+
         /**
          * @param password The password we should use for the connection to the bastion host.
          *