docs: add fingerprint

chore: missing Ciphers in removeAllDestFile
chore: update ssh server
2026-06-16 14:49:20 +08:00 · 2020-05-21 23:13:26 +08:00 · 2020-05-21 23:09:53 +08:00 · 2020-05-21 23:09:10 +08:00 · 2020-05-21 23:08:17 +08:00 · 2020-05-05 09:36:22 +08:00
9 changed files with 249 additions and 124 deletions
@@ -9,7 +9,7 @@ platform:
 steps:
 - name: vet
  pull: always
-  image: golang:1.13
+  image: golang:1.14
  commands:
  - make vet
  volumes:
@@ -18,7 +18,7 @@ steps:

 - name: lint
  pull: always
-  image: golang:1.13
+  image: golang:1.14
  commands:
  - make lint
  volumes:
@@ -27,7 +27,7 @@ steps:

 - name: misspell
  pull: always
-  image: golang:1.13
+  image: golang:1.14
  commands:
  - make misspell-check
  volumes:
@@ -36,7 +36,7 @@ steps:

 - name: test
  pull: always
-  image: golang:1.13-alpine
+  image: golang:1.14-alpine
  commands:
  - apk add git make curl perl bash build-base zlib-dev ucl-dev
  - make ssh-server
@@ -68,9 +68,9 @@ platform:
 steps:
 - name: build-push
  pull: always
-  image: golang:1.13
+  image: golang:1.14
  commands:
-  - go build -v -ldflags '-X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/amd64/drone-scp
+  - "go build -v -ldflags '-X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/amd64/drone-scp"
  environment:
    CGO_ENABLED: 0
  when:
@@ -80,9 +80,9 @@ steps:

 - name: build-tag
  pull: always
-  image: golang:1.13
+  image: golang:1.14
  commands:
-  - go build -v -ldflags '-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/amd64/drone-scp
+  - "go build -v -ldflags '-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/amd64/drone-scp"
  environment:
    CGO_ENABLED: 0
  when:
@@ -91,7 +91,7 @@ steps:

 - name: executable
  pull: always
-  image: golang:1.13
+  image: golang:1.14
  commands:
  - ./release/linux/amd64/drone-scp --help

@@ -130,8 +130,8 @@ steps:
 trigger:
  ref:
  - refs/heads/master
-  - refs/pull/**
-  - refs/tags/**
+  - "refs/pull/**"
+  - "refs/tags/**"

 depends_on:
 - testing
@@ -147,9 +147,9 @@ platform:
 steps:
 - name: build-push
  pull: always
-  image: golang:1.13
+  image: golang:1.14
  commands:
-  - go build -v -ldflags '-X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm64/drone-scp
+  - "go build -v -ldflags '-X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm64/drone-scp"
  environment:
    CGO_ENABLED: 0
  when:
@@ -159,9 +159,9 @@ steps:

 - name: build-tag
  pull: always
-  image: golang:1.13
+  image: golang:1.14
  commands:
-  - go build -v -ldflags '-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm64/drone-scp
+  - "go build -v -ldflags '-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm64/drone-scp"
  environment:
    CGO_ENABLED: 0
  when:
@@ -170,7 +170,7 @@ steps:

 - name: executable
  pull: always
-  image: golang:1.13
+  image: golang:1.14
  commands:
  - ./release/linux/arm64/drone-scp --help

@@ -209,8 +209,8 @@ steps:
 trigger:
  ref:
  - refs/heads/master
-  - refs/pull/**
-  - refs/tags/**
+  - "refs/pull/**"
+  - "refs/tags/**"

 depends_on:
 - testing
@@ -226,9 +226,9 @@ platform:
 steps:
 - name: build-push
  pull: always
-  image: golang:1.13
+  image: golang:1.14
  commands:
-  - go build -v -ldflags '-X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm/drone-scp
+  - "go build -v -ldflags '-X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm/drone-scp"
  environment:
    CGO_ENABLED: 0
  when:
@@ -238,9 +238,9 @@ steps:

 - name: build-tag
  pull: always
-  image: golang:1.13
+  image: golang:1.14
  commands:
-  - go build -v -ldflags '-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm/drone-scp
+  - "go build -v -ldflags '-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm/drone-scp"
  environment:
    CGO_ENABLED: 0
  when:
@@ -249,7 +249,7 @@ steps:

 - name: executable
  pull: always
-  image: golang:1.13
+  image: golang:1.14
  commands:
  - ./release/linux/arm/drone-scp --help

@@ -288,8 +288,8 @@ steps:
 trigger:
  ref:
  - refs/heads/master
-  - refs/pull/**
-  - refs/tags/**
+  - "refs/pull/**"
+  - "refs/tags/**"

 depends_on:
 - testing
@@ -305,7 +305,7 @@ platform:
 steps:
 - name: build-all-binary
  pull: always
-  image: golang:1.13
+  image: golang:1.14
  commands:
  - make release
  when:
@@ -319,14 +319,14 @@ steps:
    api_key:
      from_secret: github_release_api_key
    files:
-    - dist/release/*
+    - "dist/release/*"
  when:
    event:
    - tag

 trigger:
  ref:
-  - refs/tags/**
+  - "refs/tags/**"

 depends_on:
 - testing
@@ -354,7 +354,7 @@ steps:
 trigger:
  ref:
  - refs/heads/master
-  - refs/tags/**
+  - "refs/tags/**"

 depends_on:
 - linux-amd64
@@ -204,9 +204,12 @@ password
 key
 : plain text of user private key

-ssh_passphrase
+passphrase
 : The purpose of the passphrase is usually to encrypt the private key.

+fingerprint
+: fingerprint SHA256 of the host public key, default is to skip verification
+
 target
 : folder path of target host

@@ -252,9 +255,12 @@ proxy_key
 proxy_key_path
 : key path of proxy private key

-proxy_ssh_passphrase
+proxy_passphrase
 : The purpose of the passphrase is usually to encrypt the private key.

+proxy_fingerprint
+: fingerprint SHA256 of the host public key, default is to skip verification
+
 ## Template Reference

 repo.owner
@@ -9,7 +9,6 @@ DEPLOY_IMAGE := $(EXECUTABLE)

 TARGETS ?= linux darwin windows
 ARCHS ?= amd64 386
-PACKAGES ?= $(shell $(GO) list ./...)
 SOURCES ?= $(shell find . -name "*.go" -type f)
 TAGS ?=
 LDFLAGS ?= -X 'main.Version=$(VERSION)'
@@ -32,7 +31,7 @@ fmt:
 	$(GOFMT) -w $(SOURCES)

 vet:
-	$(GO) vet $(PACKAGES)
+	$(GO) vet ./...

 lint:
 	@hash revive > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
@@ -64,7 +63,7 @@ fmt-check:
 	fi;

 test: fmt-check
-	@$(GO) test -v -cover -coverprofile coverage.txt $(PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1
+	@$(GO) test -v -cover -coverprofile coverage.txt ./... && echo "\n==>\033[32m Ok\033[m\n" || exit 1

 install: $(SOURCES)
 	$(GO) install -v -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)'
@@ -118,16 +117,18 @@ endif
 	docker push $(DEPLOY_ACCOUNT)/$(DEPLOY_IMAGE):$(tag)

 ssh-server:
-	adduser -h /home/drone-scp -s /bin/bash -D -S drone-scp
+	adduser -h /home/drone-scp -s /bin/sh -D -S drone-scp
 	echo drone-scp:1234 | chpasswd
 	mkdir -p /home/drone-scp/.ssh
 	chmod 700 /home/drone-scp/.ssh
 	cat tests/.ssh/id_rsa.pub >> /home/drone-scp/.ssh/authorized_keys
 	cat tests/.ssh/test.pub >> /home/drone-scp/.ssh/authorized_keys
+	chmod 600 /home/drone-scp/.ssh/authorized_keys
 	chown -R drone-scp /home/drone-scp/.ssh
 	# install ssh and start server
 	apk add --update openssh openrc
 	rm -rf /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key
+	sed -i 's/^#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
 	sed -i 's/AllowTcpForwarding no/AllowTcpForwarding yes/g' /etc/ssh/sshd_config
 	./tests/entrypoint.sh /usr/sbin/sshd -D &

@@ -137,6 +138,3 @@ coverage:
 clean:
 	$(GO) clean -x -i ./...
 	rm -rf coverage.txt $(EXECUTABLE) $(DIST)
-
-version:
-	@echo $(VERSION)
@@ -1,14 +1,13 @@
 module github.com/appleboy/drone-scp

-go 1.13
+go 1.14

 require (
-	github.com/appleboy/com v0.0.2
-	github.com/appleboy/easyssh-proxy v1.3.0
-	github.com/fatih/color v1.7.0
+	github.com/appleboy/com v0.0.6
+	github.com/appleboy/easyssh-proxy v1.3.5
+	github.com/fatih/color v1.9.0
 	github.com/joho/godotenv v1.3.0
-	github.com/mattn/go-colorable v0.1.4 // indirect
-	github.com/mattn/go-isatty v0.0.10 // indirect
-	github.com/stretchr/testify v1.4.0
-	github.com/urfave/cli/v2 v2.1.1
+	github.com/stretchr/testify v1.5.1
+	github.com/urfave/cli/v2 v2.2.0
+	golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876
 )
@@ -1,25 +1,25 @@
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/ScaleFT/sshkeys v0.0.0-20181112160850-82451a803681 h1:JS2rl38kZmHgWa0xINSaSYH0Whtvem64/4+Ef0+Y5pE=
 github.com/ScaleFT/sshkeys v0.0.0-20181112160850-82451a803681/go.mod h1:WfDateMPQ/55dPbZRp5Zxrux5WiEaHsjk9puUhz0KgY=
-github.com/appleboy/com v0.0.2 h1:sexcPX7gp7peXMlOJMxEYcRucW7DW0XHgFZqUB6PI6g=
-github.com/appleboy/com v0.0.2/go.mod h1:jnufjIC3opMlReyPPPye+8JqNvUzLm25o7h6SOy8nv0=
-github.com/appleboy/easyssh-proxy v1.3.0 h1:ToH+hZDPWP9/9E58lwxDLJQSHvgGgDAQ9ZVx6x5oofI=
-github.com/appleboy/easyssh-proxy v1.3.0/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
+github.com/appleboy/com v0.0.6 h1:l8cZ0aQJU/SWyL79ciYAJeqV835PRdlZ6efiPhus5Ic=
+github.com/appleboy/com v0.0.6/go.mod h1:jnufjIC3opMlReyPPPye+8JqNvUzLm25o7h6SOy8nv0=
+github.com/appleboy/easyssh-proxy v1.3.5 h1:EGTCbqAVRcGKHQMFSxz30lQmb+0nXL+jUiCrg/FjHQM=
+github.com/appleboy/easyssh-proxy v1.3.5/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a h1:saTgr5tMLFnmy/yg3qDTft4rE5DY2uJ/cCxCe3q0XTU=
 github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a/go.mod h1:Bw9BbhOJVNR+t0jCqx2GC6zv0TGBsShs56Y3gfSCvl0=
-github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
-github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fatih/color v1.9.0 h1:8xPHl4/q1VyqGIPif1F+1V3Y3lSmrq01EabUW3CoW5s=
+github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
 github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
 github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
 github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA=
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.10 h1:qxFzApOv4WsAL965uUPIsXzAKCZxN2p9UqdhFS4ZW10=
-github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
+github.com/mattn/go-isatty v0.0.11 h1:FxPOTFNqGkuDUGi3H/qkUbQO4ZiBa2brKq5r0l8TGeM=
+github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
@@ -28,20 +28,19 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5I
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/urfave/cli/v2 v2.1.1 h1:Qt8FeAtxE/vfdrLmR3rxR6JRE0RoVmbXu8+6kZtYU4k=
-github.com/urfave/cli/v2 v2.1.1/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
+github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/urfave/cli/v2 v2.2.0 h1:JTTnM6wKzdA0Jqodd966MVj4vWbbquZykeX1sKbe2C4=
+github.com/urfave/cli/v2 v2.2.0/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876 h1:sKJQZMuxjOAR/Uo2LBfU90onWEf1dF4C+0hPJCc9Mpc=
 golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191008105621-543471e840be h1:QAcqgptGM8IQBC9K/RC4o+O9YmqEm0diQn9QmZw/0mU=
-golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193GlqGZbnPFnPV/5Rsb4=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -17,6 +17,13 @@ var (
 )

 func main() {
+	// Load env-file if it exists first
+	if filename, found := os.LookupEnv("PLUGIN_ENV_FILE"); found {
+		_ = godotenv.Load(filename)
+	}
+
+	defaultCiphers := []string{"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc"}
+
 	app := cli.NewApp()
 	app.Name = "Drone SCP"
 	app.Usage = "Copy files and artifacts via SSH."
@@ -32,9 +39,10 @@ func main() {
 	app.Version = Version
 	app.Flags = []cli.Flag{
 		&cli.StringSliceFlag{
-			Name:    "host, H",
-			Usage:   "Server host",
-			EnvVars: []string{"PLUGIN_HOST", "SCP_HOST", "SSH_HOST", "HOST", "INPUT_HOST"},
+			Name:     "host, H",
+			Usage:    "Server host",
+			EnvVars:  []string{"PLUGIN_HOST", "SCP_HOST", "SSH_HOST", "HOST", "INPUT_HOST"},
+			FilePath: ".host",
 		},
 		&cli.StringFlag{
 			Name:    "port, P",
@@ -52,6 +60,17 @@ func main() {
 			Usage:   "Password for password-based authentication",
 			EnvVars: []string{"PLUGIN_PASSWORD", "SCP_PASSWORD", "SSH_PASSWORD", "PASSWORD", "INPUT_PASSWORD"},
 		},
+		&cli.StringSliceFlag{
+			Name:    "ciphers",
+			Usage:   "The allowed cipher algorithms. If unspecified then a sensible",
+			EnvVars: []string{"PLUGIN_CIPHERS", "SSH_CIPHERS", "CIPHERS", "INPUT_CIPHERS"},
+			Value:   cli.NewStringSlice(defaultCiphers...),
+		},
+		&cli.StringFlag{
+			Name:    "fingerprint",
+			Usage:   "fingerprint SHA256 of the host public key, default is to skip verification",
+			EnvVars: []string{"PLUGIN_FINGERPRINT", "SSH_FINGERPRINT", "FINGERPRINT", "INPUT_FINGERPRINT"},
+		},
 		&cli.DurationFlag{
 			Name:    "timeout",
 			Usage:   "connection timeout",
@@ -147,10 +166,6 @@ func main() {
 			Usage:   "build link",
 			EnvVars: []string{"DRONE_BUILD_LINK"},
 		},
-		&cli.StringFlag{
-			Name:  "env-file",
-			Usage: "source env file",
-		},
 		&cli.StringFlag{
 			Name:    "proxy.ssh-key",
 			Usage:   "private ssh key of proxy",
@@ -159,7 +174,7 @@ func main() {
 		&cli.StringFlag{
 			Name:    "proxy.ssh-passphrase",
 			Usage:   "The purpose of the passphrase is usually to encrypt the private key.",
-			EnvVars: []string{"PLUGIN_PROXY_SSH_PASSPHRASE", "PLUGIN_PROXY_PASSPHRASE", "PROXY_SSH_PASSPHRASE,PROXY_PASSPHRASE", "INPUT_PROXY_PASSPHRASE"},
+			EnvVars: []string{"PLUGIN_PROXY_SSH_PASSPHRASE", "PLUGIN_PROXY_PASSPHRASE", "PROXY_SSH_PASSPHRASE", "PROXY_PASSPHRASE", "INPUT_PROXY_PASSPHRASE"},
 		},
 		&cli.StringFlag{
 			Name:    "proxy.key-path",
@@ -182,6 +197,17 @@ func main() {
 			Usage:   "connect to host of proxy",
 			EnvVars: []string{"PLUGIN_PROXY_HOST", "PROXY_SSH_HOST", "PROXY_HOST", "INPUT_PROXY_HOST"},
 		},
+		&cli.StringSliceFlag{
+			Name:    "proxy.ciphers",
+			Usage:   "The allowed cipher algorithms. If unspecified then a sensible",
+			EnvVars: []string{"PLUGIN_PROXY_CIPHERS", "PROXY_SSH_CIPHERS", "PROXY_CIPHERS", "INPUT_PROXY_CIPHERS"},
+			Value:   cli.NewStringSlice(defaultCiphers...),
+		},
+		&cli.StringFlag{
+			Name:    "proxy.fingerprint",
+			Usage:   "fingerprint SHA256 of the host public key, default is to skip verification",
+			EnvVars: []string{"PLUGIN_PROXY_FINGERPRINT", "SSH_PROXY_FINGERPRINT", "PROXY_FINGERPRINT", "INPUT_PROXY_FINGERPRINT"},
+		},
 		&cli.StringFlag{
 			Name:    "proxy.port",
 			Usage:   "connect to port of proxy",
@@ -260,10 +286,6 @@ REPOSITORY:
 }

 func run(c *cli.Context) error {
-	if c.String("env-file") != "" {
-		_ = godotenv.Load(c.String("env-file"))
-	}
-
 	plugin := Plugin{
 		Repo: Repo{
 			Owner: c.String("repo.owner"),
@@ -285,6 +307,7 @@ func run(c *cli.Context) error {
 			Username:        c.String("username"),
 			Password:        c.String("password"),
 			Passphrase:      c.String("ssh-passphrase"),
+			Fingerprint:     c.String("fingerprint"),
 			Timeout:         c.Duration("timeout"),
 			CommandTimeout:  c.Duration("command.timeout"),
 			Key:             c.String("ssh-key"),
@@ -297,15 +320,18 @@ func run(c *cli.Context) error {
 			TarExec:         c.String("tar.exec"),
 			TarTmpPath:      c.String("tar.tmp-path"),
 			Overwrite:       c.Bool("overwrite"),
+			Ciphers:         c.StringSlice("ciphers"),
 			Proxy: easyssh.DefaultConfig{
-				Key:        c.String("proxy.ssh-key"),
-				Passphrase: c.String("proxy.ssh-passphrase"),
-				KeyPath:    c.String("proxy.key-path"),
-				User:       c.String("proxy.username"),
-				Password:   c.String("proxy.password"),
-				Server:     c.String("proxy.host"),
-				Port:       c.String("proxy.port"),
-				Timeout:    c.Duration("proxy.timeout"),
+				Key:         c.String("proxy.ssh-key"),
+				Passphrase:  c.String("proxy.ssh-passphrase"),
+				Fingerprint: c.String("proxy.fingerprint"),
+				KeyPath:     c.String("proxy.key-path"),
+				User:        c.String("proxy.username"),
+				Password:    c.String("proxy.password"),
+				Server:      c.String("proxy.host"),
+				Port:        c.String("proxy.port"),
+				Timeout:     c.Duration("proxy.timeout"),
+				Ciphers:     c.StringSlice("proxy.ciphers"),
 			},
 		},
 	}
@@ -9,7 +9,7 @@
    steps: [
      {
        name: 'vet',
-        image: 'golang:1.13',
+        image: 'golang:1.14',
        pull: 'always',
        commands: [
          'make vet',
@@ -23,7 +23,7 @@
      },
      {
        name: 'lint',
-        image: 'golang:1.13',
+        image: 'golang:1.14',
        pull: 'always',
        commands: [
          'make lint',
@@ -37,7 +37,7 @@
      },
      {
        name: 'misspell',
-        image: 'golang:1.13',
+        image: 'golang:1.14',
        pull: 'always',
        commands: [
          'make misspell-check',
@@ -51,7 +51,7 @@
      },
      {
        name: 'test',
-        image: 'golang:1.13-alpine',
+        image: 'golang:1.14-alpine',
        pull: 'always',
        commands: [
          'apk add git make curl perl bash build-base zlib-dev ucl-dev',
@@ -93,7 +93,7 @@
    steps: [
      {
        name: 'build-push',
-        image: 'golang:1.13',
+        image: 'golang:1.14',
        pull: 'always',
        environment: {
          CGO_ENABLED: '0',
@@ -109,7 +109,7 @@
      },
      {
        name: 'build-tag',
-        image: 'golang:1.13',
+        image: 'golang:1.14',
        pull: 'always',
        environment: {
          CGO_ENABLED: '0',
@@ -123,7 +123,7 @@
      },
      {
        name: 'executable',
-        image: 'golang:1.13',
+        image: 'golang:1.14',
        pull: 'always',
        commands: [
          './release/' + os + '/' + arch + '/' + name + ' --help',
@@ -188,7 +188,7 @@
    steps: [
      {
        name: 'build-all-binary',
-        image: 'golang:1.13',
+        image: 'golang:1.14',
        pull: 'always',
        commands: [
          'make release'
@@ -51,6 +51,7 @@ type (
 		Password        string
 		Key             string
 		Passphrase      string
+		Fingerprint     string
 		KeyPath         string
 		Timeout         time.Duration
 		CommandTimeout  time.Duration
@@ -63,6 +64,7 @@ type (
 		Proxy           easyssh.DefaultConfig
 		Debug           bool
 		Overwrite       bool
+		Ciphers         []string
 	}

 	// Plugin values.
@@ -165,23 +167,27 @@ func (p *Plugin) removeDestFile(ssh *easyssh.MakeConfig) error {
 func (p *Plugin) removeAllDestFile() error {
 	for _, host := range p.Config.Host {
 		ssh := &easyssh.MakeConfig{
-			Server:     host,
-			User:       p.Config.Username,
-			Password:   p.Config.Password,
-			Port:       p.Config.Port,
-			Key:        p.Config.Key,
-			KeyPath:    p.Config.KeyPath,
-			Passphrase: p.Config.Passphrase,
-			Timeout:    p.Config.Timeout,
+			Server:      host,
+			User:        p.Config.Username,
+			Password:    p.Config.Password,
+			Port:        p.Config.Port,
+			Key:         p.Config.Key,
+			KeyPath:     p.Config.KeyPath,
+			Passphrase:  p.Config.Passphrase,
+			Timeout:     p.Config.Timeout,
+			Ciphers:     p.Config.Ciphers,
+			Fingerprint: p.Config.Fingerprint,
 			Proxy: easyssh.DefaultConfig{
-				Server:     p.Config.Proxy.Server,
-				User:       p.Config.Proxy.User,
-				Password:   p.Config.Proxy.Password,
-				Port:       p.Config.Proxy.Port,
-				Key:        p.Config.Proxy.Key,
-				KeyPath:    p.Config.Proxy.KeyPath,
-				Passphrase: p.Config.Proxy.Passphrase,
-				Timeout:    p.Config.Proxy.Timeout,
+				Server:      p.Config.Proxy.Server,
+				User:        p.Config.Proxy.User,
+				Password:    p.Config.Proxy.Password,
+				Port:        p.Config.Proxy.Port,
+				Key:         p.Config.Proxy.Key,
+				KeyPath:     p.Config.Proxy.KeyPath,
+				Passphrase:  p.Config.Proxy.Passphrase,
+				Timeout:     p.Config.Proxy.Timeout,
+				Ciphers:     p.Config.Proxy.Ciphers,
+				Fingerprint: p.Config.Proxy.Fingerprint,
 			},
 		}

@@ -275,23 +281,27 @@ func (p *Plugin) Exec() error {
 		go func(host string) {
 			// Create MakeConfig instance with remote username, server address and path to private key.
 			ssh := &easyssh.MakeConfig{
-				Server:     host,
-				User:       p.Config.Username,
-				Password:   p.Config.Password,
-				Port:       p.Config.Port,
-				Key:        p.Config.Key,
-				KeyPath:    p.Config.KeyPath,
-				Passphrase: p.Config.Passphrase,
-				Timeout:    p.Config.Timeout,
+				Server:      host,
+				User:        p.Config.Username,
+				Password:    p.Config.Password,
+				Port:        p.Config.Port,
+				Key:         p.Config.Key,
+				KeyPath:     p.Config.KeyPath,
+				Passphrase:  p.Config.Passphrase,
+				Timeout:     p.Config.Timeout,
+				Ciphers:     p.Config.Ciphers,
+				Fingerprint: p.Config.Fingerprint,
 				Proxy: easyssh.DefaultConfig{
-					Server:     p.Config.Proxy.Server,
-					User:       p.Config.Proxy.User,
-					Password:   p.Config.Proxy.Password,
-					Port:       p.Config.Proxy.Port,
-					Key:        p.Config.Proxy.Key,
-					KeyPath:    p.Config.Proxy.KeyPath,
-					Passphrase: p.Config.Proxy.Passphrase,
-					Timeout:    p.Config.Proxy.Timeout,
+					Server:      p.Config.Proxy.Server,
+					User:        p.Config.Proxy.User,
+					Password:    p.Config.Proxy.Password,
+					Port:        p.Config.Proxy.Port,
+					Key:         p.Config.Proxy.Key,
+					KeyPath:     p.Config.Proxy.KeyPath,
+					Passphrase:  p.Config.Proxy.Passphrase,
+					Timeout:     p.Config.Proxy.Timeout,
+					Ciphers:     p.Config.Proxy.Ciphers,
+					Fingerprint: p.Config.Proxy.Fingerprint,
 				},
 			}

@@ -386,9 +396,9 @@ func (p *Plugin) Exec() error {
 		}
 	}

-	fmt.Println("================================================")
-	fmt.Println("Successfully executed transfer data to all host.")
-	fmt.Println("================================================")
+	fmt.Println("===================================================")
+	fmt.Println("✅ Successfully executed transfer data to all host")
+	fmt.Println("===================================================")

 	return nil
 }
@@ -1,6 +1,8 @@
 package main

 import (
+	"io/ioutil"
+	"log"
 	"os"
 	"os/exec"
 	"os/user"
@@ -11,6 +13,7 @@ import (

 	"github.com/appleboy/easyssh-proxy"
 	"github.com/stretchr/testify/assert"
+	"golang.org/x/crypto/ssh"
 )

 func TestMissingAllConfig(t *testing.T) {
@@ -169,6 +172,90 @@ func TestSCPFileFromPublicKeyWithPassphrase(t *testing.T) {
 	}
 }

+func TestWrongFingerprint(t *testing.T) {
+	u, err := user.Lookup("drone-scp")
+	if err != nil {
+		t.Fatalf("Lookup: %v", err)
+	}
+
+	plugin := Plugin{
+		Config: Config{
+			Host:           []string{"localhost"},
+			Username:       "drone-scp",
+			Port:           "22",
+			KeyPath:        "./tests/.ssh/id_rsa",
+			Source:         []string{"tests/a.txt", "tests/b.txt"},
+			Target:         []string{filepath.Join(u.HomeDir, "/test2")},
+			CommandTimeout: 60 * time.Second,
+			TarExec:        "tar",
+			Fingerprint:    "wrong",
+		},
+	}
+
+	err = plugin.Exec()
+	log.Println(err)
+	assert.NotNil(t, err)
+}
+
+func getHostPublicKeyFile(keypath string) (ssh.PublicKey, error) {
+	var pubkey ssh.PublicKey
+	var err error
+	buf, err := ioutil.ReadFile(keypath)
+	if err != nil {
+		return nil, err
+	}
+
+	pubkey, _, _, _, err = ssh.ParseAuthorizedKey(buf)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return pubkey, nil
+}
+
+func TestSCPFileFromPublicKeyWithFingerprint(t *testing.T) {
+	if os.Getenv("SSH_AUTH_SOCK") != "" {
+		if err := exec.Command("eval", "`ssh-agent -k`").Run(); err != nil {
+			t.Fatalf("exec: %v", err)
+		}
+	}
+
+	u, err := user.Lookup("drone-scp")
+	if err != nil {
+		t.Fatalf("Lookup: %v", err)
+	}
+
+	hostKey, err := getHostPublicKeyFile("/etc/ssh/ssh_host_rsa_key.pub")
+	assert.NoError(t, err)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:           []string{"localhost"},
+			Username:       "drone-scp",
+			Port:           "22",
+			KeyPath:        "./tests/.ssh/id_rsa",
+			Fingerprint:    ssh.FingerprintSHA256(hostKey),
+			Source:         []string{"tests/a.txt", "tests/b.txt"},
+			Target:         []string{filepath.Join(u.HomeDir, "/test2")},
+			CommandTimeout: 60 * time.Second,
+			TarExec:        "tar",
+		},
+	}
+
+	err = plugin.Exec()
+	assert.Nil(t, err)
+
+	// check file exist
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "/test2/tests/a.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "/test2/tests/b.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+}
+
 func TestSCPWildcardFileList(t *testing.T) {
 	if os.Getenv("SSH_AUTH_SOCK") != "" {
 		if err := exec.Command("eval", "`ssh-agent -k`").Run(); err != nil {
Author	SHA1	Message	Date
Bo-Yi Wu	6d6124e8d8	docs: add fingerprint	2020-05-21 23:13:26 +08:00
Bo-Yi Wu	f4fff01bdb	chore: missing Ciphers in removeAllDestFile	2020-05-21 23:09:53 +08:00
Bo-Yi Wu	ac8ff855ae	chore: update ssh server	2020-05-21 23:09:10 +08:00
Bo-Yi Wu	2ff51f00ff	chore: support Fingerprint (#114 )	2020-05-21 23:08:17 +08:00
Bo-Yi Wu	b0f9b5b277	remove load env file from urfave/cli Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-05-05 09:36:22 +08:00
Bo-Yi Wu	457861ab2a	chore(ssh): support Ciphers Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-05-04 10:27:02 +08:00
techknowlogick	1996e5d780	Add option to use file for host info (#113 )	2020-04-29 14:22:30 +08:00
Bo-Yi Wu	c75daae1f3	upgrade go version Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-04-16 15:29:15 +08:00
Bo-Yi Wu	72e6ea15b6	upgrade easyssh-proxy Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-04-16 15:28:58 +08:00
Bo-Yi Wu	bad565d475	update success message format. Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-02-27 09:53:36 +08:00
Bo-Yi Wu	8216bd8fb8	update to go 1.14 Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-02-27 09:51:12 +08:00
Daniel Bingham	3d36432240	Fix typo in EnvVars for ssh-passphrase (#109 )	2020-02-27 08:58:49 +08:00
Bo-Yi Wu	2fcaffcac8	docs: update passphrase variable Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-02-07 13:27:23 +08:00
Bo-Yi Wu	c1e3242f53	update module Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-02-07 13:24:23 +08:00
Bo-Yi Wu	8e4a3f5e0c	chore(makefile): remove GOPACKAGE variable	2020-02-01 00:41:34 +08:00