解决办法,如下所示,在ssh的配置里加上HostKeyCallback,
config := &ssh.ClientConfig{
User: user,
Auth: []ssh.AuthMethod{
ssh.Password(pass),
},
// allow any host key to be used (non-prod)
// HostKeyCallback: ssh.InsecureIgnoreHostKey(),
// verify host public key
HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
return nil
}, //ssh.FixedHostKey(hostKey),
// optional host key algo list
HostKeyAlgorithms: []string{
ssh.KeyAlgoRSA,
ssh.KeyAlgoDSA,
ssh.KeyAlgoECDSA256,
ssh.KeyAlgoECDSA384,
ssh.KeyAlgoECDSA521,
ssh.KeyAlgoED25519,
},
// optional tcp connect timeout
Timeout: 5 * time.Second,
}
这样添加是忽略host 的PublicKey校验,官方推荐ssh.FixedHostKey
type HostKeyCallback func(hostname string, remote net.Addr, key PublicKey) error func FixedHostKey(key PublicKey) HostKeyCallbackFixedHostKey returns a function for use in ClientConfig.HostKeyCallback to accept only a specific host key
HostKeyCallback is the function type used for verifying server keys. A HostKeyCallback must return nil if the host key is OK, or an error to reject it. It receives the hostname as passed to Dial or NewClientConn. The remote address is the RemoteAddr of the net.Conn underlying the SSH connection.
有兴趣的同学可以参考这个check示例
https://github.com/golang/crypto/blob/master/ssh/example_test.go