🚀 Launch Week Day 4:Introducing the Alert Details Page: A Better Way to Explore Alerts.Learn More →
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

suah.dev/hostkeydns

Package Overview
Dependencies
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

suah.dev/hostkeydns

Go Modules
Version
v1.0.0
Version published
Created
Source

hostkeydns

import "suah.dev/hostkeydns"

Package hostkeydns facilitates verifying remote ssh keys using DNS and SSHFP resource records.

Index

  • func CheckDNSSecHostKey(dr DNSSecResolvers) ssh.HostKeyCallback
  • func CheckDNSSecHostKeyEZ(res string) ssh.HostKeyCallback
  • type DNSSecResolvers

func CheckDNSSecHostKey

func CheckDNSSecHostKey(dr DNSSecResolvers) ssh.HostKeyCallback

CheckDNSSecHostKey checks a hostkey against a DNSSEC SSHFP records.

Example 

package main

import (
	"golang.org/x/crypto/ssh"
	"suah.dev/hostkeydns"
)

func main() {
	dnsConf := hostkeydns.DNSSecResolvers{
		Servers: []string{
			"8.8.8.8",
		},
		Port: "53",
		Net:  "tcp",
	}
	config := &ssh.ClientConfig{
		HostKeyCallback: hostkeydns.CheckDNSSecHostKey(dnsConf),
	}
	_, _ = ssh.Dial("tcp", "github.com:22", config)
}

func CheckDNSSecHostKeyEZ

func CheckDNSSecHostKeyEZ(res string) ssh.HostKeyCallback

CheckDNSSecHostKeyEZ checks a hostkey against a DNSSEC SSHFP records using preconfigured name servers. Options are: - "quad9": https://www.quad9.net/\. - "google": Google's public name servers. - "system": Use the system resolver (*nix only atm).

Example 

package main

import (
	"golang.org/x/crypto/ssh"
	"suah.dev/hostkeydns"
)

func main() {
	config := &ssh.ClientConfig{
		HostKeyCallback: hostkeydns.CheckDNSSecHostKeyEZ("quad9"),
	}
	_, _ = ssh.Dial("tcp", "github.com:22", config)
}

type DNSSecResolvers

DNSSecResolvers exposes configuration options for resolving hostnames using DNSSEC. Success will be called when a matching fingerprint/SSHFP match is found. Net can be one of "tcp", "tcp-tls" or "udp".

If set, HostKeyAlgorithms will restrict matching to _only_ the algorithms listed. The format of the strings match that of OpenSSH ("ssh-ed25519" for example).

type DNSSecResolvers struct {
    Servers           []string
    Port              string
    Net               string
    Success           func(key ssh.PublicKey)
    HostKeyAlgorithms []string
}

Generated by gomarkdoc

FAQs

Package last updated on 23 Feb 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

curl Shuts Down Bug Bounty Program After Flood of AI Slop Reports

Security News

curl Shuts Down Bug Bounty Program After Flood of AI Slop Reports

A surge of AI-generated vulnerability reports has pushed open source maintainers to rethink bug bounties and tighten security disclosure processes.

By Sarah Gooding  -  Jan 23, 2026
Introducing Immutable Scans

Product

Introducing Immutable Scans

Scan results now load faster and remain consistent over time, with stable URLs and on-demand rescans for fresh security data.

By Nolan Lawson  -  Jan 23, 2026