x/crypto/ssh: make ClientConfig HostKeyCallback non-permissive by default

[rsc]

ClientConfig.HostKeyCallback interprets nil as "accept any host keys". This is not a great default from a security perspective. Many clients probably should set HostKeyCallback to something real but are not.

It was written this way in golang.org/cl/9922043 to preserve backwards compatibility with the original implementation, but that was probably not the right balance to strike.

This issue is to make HostKeyCallback=nil mean "reject all host keys" and at the same time provide at least

func InsecureSkipVerifyHostKey() HostKeyChecker
func FixedHostKey(key []byte) HostKeyChecker

and maybe also

func HostKeysFile(file string) HostKeyChecker

Thanks to Phil Pennock for pointing out this problem.

[hanwen]

see https://go-review.googlesource.com/c/38701/

[gopherbot]

CL https://golang.org/cl/38701 mentions this issue.

[philpennock]

For reference, this is now: CVE-2017-3204

[muratsplat]

Hello,

This issue not occurred on "go1.8.1 darwin/amd64". I think that "go1.8.1 darwin/amd64" and " go1.8.1 linux/amd64" is not same in ssh package. Can "go1.8.1 darwin/amd64" commits be behind to " go1.8.1 linux/amd64". It is possible @rsc

[muratsplat]

Hello again.

I forget do "go get -u github.com/pkg/sftp" with "-u" flag. Sorry for attention :(