fix: missing installed version

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

.drone.yml

@@ -1,105 +1,69 @@
 ---
 kind: pipeline
 name: testing
-
 platform:
-  os: linux
   arch: amd64
-
+  os: linux
 steps:
-- name: vet
-  pull: always
-  image: golang:1.14
-  commands:
+- commands:
   - make vet
+  image: golang:1.18
+  name: vet
+  pull: always
   volumes:
   - name: gopath
     path: /go
-
-- name: lint
+- image: robertstettner/drone-codecov
+  name: codecov
   pull: always
-  image: golang:1.14
-  commands:
-  - make lint
-  volumes:
-  - name: gopath
-    path: /go
-
-- name: misspell
-  pull: always
-  image: golang:1.14
-  commands:
-  - make misspell-check
-  volumes:
-  - name: gopath
-    path: /go
-
-- name: test
-  pull: always
-  image: golang:1.14-alpine
-  commands:
-  - apk add git make curl perl bash build-base zlib-dev ucl-dev
-  - make ssh-server
-  - make test
-  - make coverage
-  volumes:
-  - name: gopath
-    path: /go
-
-- name: codecov
-  pull: always
-  image: robertstettner/drone-codecov
   settings:
     token:
       from_secret: codecov_token
-
 volumes:
 - name: gopath
   temp: {}
-
 ---
+depends_on:
+- testing
 kind: pipeline
 name: linux-amd64
-
 platform:
-  os: linux
   arch: amd64
-
+  os: linux
 steps:
-- name: build-push
-  pull: always
-  image: golang:1.14
-  commands:
-  - "go build -v -ldflags '-X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/amd64/drone-scp"
+- commands:
+  - go build -v -ldflags '-X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/amd64/drone-scp
   environment:
-    CGO_ENABLED: 0
+    CGO_ENABLED: "0"
+  image: golang:1.18
+  name: build-push
+  pull: always
   when:
     event:
       exclude:
       - tag
-
-- name: build-tag
-  pull: always
-  image: golang:1.14
-  commands:
-  - "go build -v -ldflags '-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/amd64/drone-scp"
+- commands:
+  - go build -v -ldflags '-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}'
+    -a -o release/linux/amd64/drone-scp
   environment:
-    CGO_ENABLED: 0
+    CGO_ENABLED: "0"
+  image: golang:1.18
+  name: build-tag
+  pull: always
   when:
     event:
     - tag
-
-- name: executable
-  pull: always
-  image: golang:1.14
-  commands:
+- commands:
   - ./release/linux/amd64/drone-scp --help
-
-- name: dryrun
+  image: golang:1.18
+  name: executable
+  pull: always
+- image: plugins/docker:linux-amd64
+  name: dryrun
   pull: always
-  image: plugins/docker:linux-amd64
   settings:
     cache_from: appleboy/drone-scp
+    daemon_off: false
     dockerfile: docker/Dockerfile.linux.amd64
     dry_run: true
     repo: appleboy/drone-scp
@@ -107,15 +71,14 @@ steps:
   when:
     event:
     - pull_request
-
-- name: publish
+- image: plugins/docker:linux-amd64
+  name: publish
   pull: always
-  image: plugins/docker:linux-amd64
   settings:
     auto_tag: true
     auto_tag_suffix: linux-amd64
     cache_from: appleboy/drone-scp
-    daemon_off: false
+    daemon_off: "false"
     dockerfile: docker/Dockerfile.linux.amd64
     password:
       from_secret: docker_password
@@ -126,59 +89,53 @@ steps:
     event:
       exclude:
       - pull_request
-
 trigger:
   ref:
   - refs/heads/master
-  - "refs/pull/**"
-  - "refs/tags/**"
-
+  - refs/pull/**
+  - refs/tags/**
+---
 depends_on:
 - testing
-
----
 kind: pipeline
 name: linux-arm64
-
 platform:
-  os: linux
   arch: arm64
-
+  os: linux
 steps:
-- name: build-push
-  pull: always
-  image: golang:1.14
-  commands:
-  - "go build -v -ldflags '-X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm64/drone-scp"
+- commands:
+  - go build -v -ldflags '-X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm64/drone-scp
   environment:
-    CGO_ENABLED: 0
+    CGO_ENABLED: "0"
+  image: golang:1.18
+  name: build-push
+  pull: always
   when:
     event:
       exclude:
       - tag
-
-- name: build-tag
-  pull: always
-  image: golang:1.14
-  commands:
-  - "go build -v -ldflags '-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm64/drone-scp"
+- commands:
+  - go build -v -ldflags '-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}'
+    -a -o release/linux/arm64/drone-scp
   environment:
-    CGO_ENABLED: 0
+    CGO_ENABLED: "0"
+  image: golang:1.18
+  name: build-tag
+  pull: always
   when:
     event:
     - tag
-
-- name: executable
-  pull: always
-  image: golang:1.14
-  commands:
+- commands:
   - ./release/linux/arm64/drone-scp --help
-
-- name: dryrun
+  image: golang:1.18
+  name: executable
+  pull: always
+- image: plugins/docker:linux-arm64
+  name: dryrun
   pull: always
-  image: plugins/docker:linux-arm64
   settings:
     cache_from: appleboy/drone-scp
+    daemon_off: false
     dockerfile: docker/Dockerfile.linux.arm64
     dry_run: true
     repo: appleboy/drone-scp
@@ -186,15 +143,14 @@ steps:
   when:
     event:
     - pull_request
-
-- name: publish
+- image: plugins/docker:linux-arm64
+  name: publish
   pull: always
-  image: plugins/docker:linux-arm64
   settings:
     auto_tag: true
     auto_tag_suffix: linux-arm64
     cache_from: appleboy/drone-scp
-    daemon_off: false
+    daemon_off: "false"
     dockerfile: docker/Dockerfile.linux.arm64
     password:
       from_secret: docker_password
@@ -205,59 +161,53 @@ steps:
     event:
       exclude:
       - pull_request
-
 trigger:
   ref:
   - refs/heads/master
-  - "refs/pull/**"
-  - "refs/tags/**"
-
+  - refs/pull/**
+  - refs/tags/**
+---
 depends_on:
 - testing
-
----
 kind: pipeline
 name: linux-arm
-
 platform:
-  os: linux
   arch: arm
-
+  os: linux
 steps:
-- name: build-push
-  pull: always
-  image: golang:1.14
-  commands:
-  - "go build -v -ldflags '-X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm/drone-scp"
+- commands:
+  - go build -v -ldflags '-X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm/drone-scp
   environment:
-    CGO_ENABLED: 0
+    CGO_ENABLED: "0"
+  image: golang:1.18
+  name: build-push
+  pull: always
   when:
     event:
       exclude:
       - tag
-
-- name: build-tag
-  pull: always
-  image: golang:1.14
-  commands:
-  - "go build -v -ldflags '-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm/drone-scp"
+- commands:
+  - go build -v -ldflags '-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}'
+    -a -o release/linux/arm/drone-scp
   environment:
-    CGO_ENABLED: 0
+    CGO_ENABLED: "0"
+  image: golang:1.18
+  name: build-tag
+  pull: always
   when:
     event:
     - tag
-
-- name: executable
-  pull: always
-  image: golang:1.14
-  commands:
+- commands:
   - ./release/linux/arm/drone-scp --help
-
-- name: dryrun
+  image: golang:1.18
+  name: executable
+  pull: always
+- image: plugins/docker:linux-arm
+  name: dryrun
   pull: always
-  image: plugins/docker:linux-arm
   settings:
     cache_from: appleboy/drone-scp
+    daemon_off: false
     dockerfile: docker/Dockerfile.linux.arm
     dry_run: true
     repo: appleboy/drone-scp
@@ -265,15 +215,14 @@ steps:
   when:
     event:
     - pull_request
-
-- name: publish
+- image: plugins/docker:linux-arm
+  name: publish
   pull: always
-  image: plugins/docker:linux-arm
   settings:
     auto_tag: true
     auto_tag_suffix: linux-arm
     cache_from: appleboy/drone-scp
-    daemon_off: false
+    daemon_off: "false"
     dockerfile: docker/Dockerfile.linux.arm
     password:
       from_secret: docker_password
@@ -284,65 +233,57 @@ steps:
     event:
       exclude:
       - pull_request
-
 trigger:
   ref:
   - refs/heads/master
-  - "refs/pull/**"
-  - "refs/tags/**"
-
+  - refs/pull/**
+  - refs/tags/**
+---
 depends_on:
 - testing
-
----
 kind: pipeline
 name: release-binary
-
 platform:
-  os: linux
   arch: amd64
-
+  os: linux
 steps:
-- name: build-all-binary
-  pull: always
-  image: golang:1.14
-  commands:
+- commands:
   - make release
+  image: golang:1.18
+  name: build-all-binary
+  pull: always
   when:
     event:
     - tag
-
-- name: deploy-all-binary
+- image: plugins/github-release
+  name: deploy-all-binary
   pull: always
-  image: plugins/github-release
   settings:
     api_key:
       from_secret: github_release_api_key
     files:
-    - "dist/release/*"
+    - dist/release/*
   when:
     event:
     - tag
-
 trigger:
   ref:
-  - "refs/tags/**"
-
-depends_on:
-- testing
-
+  - refs/tags/**
 ---
+depends_on:
+- linux-amd64
+- linux-arm64
+- linux-arm
+- release-binary
 kind: pipeline
 name: notifications
-
 platform:
-  os: linux
   arch: amd64
-
+  os: linux
 steps:
-- name: manifest
+- image: plugins/manifest
+  name: manifest
   pull: always
-  image: plugins/manifest
   settings:
     ignore_missing: true
     password:
@@ -350,16 +291,7 @@ steps:
     spec: docker/manifest.tmpl
     username:
       from_secret: docker_username
-
 trigger:
   ref:
   - refs/heads/master
-  - "refs/tags/**"
-
-depends_on:
-- linux-amd64
-- linux-arm64
-- linux-arm
-- release-binary
-
-...
+  - refs/tags/**

DOCS.md

@@ -207,6 +207,9 @@ key
 passphrase
 : The purpose of the passphrase is usually to encrypt the private key.
 
+fingerprint
+: fingerprint SHA256 of the host public key, default is to skip verification
+
 target
 : folder path of target host
 
@@ -255,6 +258,9 @@ proxy_key_path
 proxy_passphrase
 : The purpose of the passphrase is usually to encrypt the private key.
 
+proxy_fingerprint
+: fingerprint SHA256 of the host public key, default is to skip verification
+
 ## Template Reference
 
 repo.owner

Makefile

@@ -8,7 +8,7 @@ DEPLOY_ACCOUNT := appleboy
 DEPLOY_IMAGE := $(EXECUTABLE)
 
 TARGETS ?= linux darwin windows
-ARCHS ?= amd64 386
+ARCHS ?= amd64
 SOURCES ?= $(shell find . -name "*.go" -type f)
 TAGS ?=
 LDFLAGS ?= -X 'main.Version=$(VERSION)'
@@ -35,24 +35,10 @@ vet:
 
 lint:
 	@hash revive > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/mgechev/revive; \
+		$(GO) install github.com/mgechev/revive@v1.2.1; \
 	fi
 	revive -config .revive.toml ./... || exit 1
 
-.PHONY: misspell-check
-misspell-check:
-	@hash misspell > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/client9/misspell/cmd/misspell; \
-	fi
-	misspell -error $(SOURCES)
-
-.PHONY: misspell
-misspell:
-	@hash misspell > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/client9/misspell/cmd/misspell; \
-	fi
-	misspell -w $(SOURCES)
-
 .PHONY: fmt-check
 fmt-check:
 	@diff=$$($(GOFMT) -d $(SOURCES)); \
@@ -80,7 +66,7 @@ release-dirs:
 
 release-build:
 	@which gox > /dev/null; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/mitchellh/gox; \
+		$(GO) install github.com/mitchellh/gox@master; \
 	fi
 	gox -os="$(TARGETS)" -arch="$(ARCHS)" -tags="$(TAGS)" -ldflags="-s -w $(LDFLAGS)" -output="$(DIST)/binaries/$(EXECUTABLE)-$(VERSION)-{{.OS}}-{{.Arch}}"
 
@@ -117,16 +103,18 @@ endif
 	docker push $(DEPLOY_ACCOUNT)/$(DEPLOY_IMAGE):$(tag)
 
 ssh-server:
-	adduser -h /home/drone-scp -s /bin/bash -D -S drone-scp
+	adduser -h /home/drone-scp -s /bin/sh -D -S drone-scp
 	echo drone-scp:1234 | chpasswd
 	mkdir -p /home/drone-scp/.ssh
 	chmod 700 /home/drone-scp/.ssh
 	cat tests/.ssh/id_rsa.pub >> /home/drone-scp/.ssh/authorized_keys
 	cat tests/.ssh/test.pub >> /home/drone-scp/.ssh/authorized_keys
+	chmod 600 /home/drone-scp/.ssh/authorized_keys
 	chown -R drone-scp /home/drone-scp/.ssh
 	# install ssh and start server
 	apk add --update openssh openrc
 	rm -rf /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key
+	sed -i 's/^#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
 	sed -i 's/AllowTcpForwarding no/AllowTcpForwarding yes/g' /etc/ssh/sshd_config
 	./tests/entrypoint.sh /usr/sbin/sshd -D &
 

go.mod

@@ -1,12 +1,27 @@
 module github.com/appleboy/drone-scp
 
-go 1.14
+go 1.18
 
 require (
-	github.com/appleboy/com v0.0.6
-	github.com/appleboy/easyssh-proxy v1.3.4
+	github.com/appleboy/com v0.1.6
+	github.com/appleboy/easyssh-proxy v1.3.9
 	github.com/fatih/color v1.9.0
-	github.com/joho/godotenv v1.3.0
-	github.com/stretchr/testify v1.5.1
-	github.com/urfave/cli/v2 v2.2.0
+	github.com/joho/godotenv v1.4.0
+	github.com/stretchr/testify v1.7.0
+	github.com/urfave/cli/v2 v2.8.1
+	golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e
+)
+
+require (
+	github.com/ScaleFT/sshkeys v0.0.0-20200327173127-6142f742bca5 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect
+	github.com/davecgh/go-spew v1.1.0 // indirect
+	github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a // indirect
+	github.com/mattn/go-colorable v0.1.4 // indirect
+	github.com/mattn/go-isatty v0.0.11 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
+	golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect
 )

go.sum

@@ -1,20 +1,19 @@
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/ScaleFT/sshkeys v0.0.0-20181112160850-82451a803681 h1:JS2rl38kZmHgWa0xINSaSYH0Whtvem64/4+Ef0+Y5pE=
-github.com/ScaleFT/sshkeys v0.0.0-20181112160850-82451a803681/go.mod h1:WfDateMPQ/55dPbZRp5Zxrux5WiEaHsjk9puUhz0KgY=
-github.com/appleboy/com v0.0.6 h1:l8cZ0aQJU/SWyL79ciYAJeqV835PRdlZ6efiPhus5Ic=
-github.com/appleboy/com v0.0.6/go.mod h1:jnufjIC3opMlReyPPPye+8JqNvUzLm25o7h6SOy8nv0=
-github.com/appleboy/easyssh-proxy v1.3.4 h1:yNgzsJ9qaDNGzQILDXEK4boioJMmUUaTUsxYtCTSGqo=
-github.com/appleboy/easyssh-proxy v1.3.4/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/ScaleFT/sshkeys v0.0.0-20200327173127-6142f742bca5 h1:VauE2GcJNZFun2Och6tIT2zJZK1v6jxALQDA9BIji/E=
+github.com/ScaleFT/sshkeys v0.0.0-20200327173127-6142f742bca5/go.mod h1:gxOHeajFfvGQh/fxlC8oOKBe23xnnJTif00IFFbiT+o=
+github.com/appleboy/com v0.1.6 h1:vP9ryTIbSFaXSrZcFTU7RRcgPbrpGJ0Oy5wpgEkQ2m8=
+github.com/appleboy/com v0.1.6/go.mod h1:jnufjIC3opMlReyPPPye+8JqNvUzLm25o7h6SOy8nv0=
+github.com/appleboy/easyssh-proxy v1.3.9 h1:b+sVSTz+cVFvfA23HQywMMpm0s5g3gH7jYdBcQqaCQI=
+github.com/appleboy/easyssh-proxy v1.3.9/go.mod h1:G1eQomBEME7NWKA3hE49s5HsT44S5fn0aBxX7k9Yjug=
+github.com/cpuguy83/go-md2man/v2 v2.0.1 h1:r/myEWzV9lfsM1tFLgDyu0atFtJ1fXn261LKYj/3DxU=
+github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a h1:saTgr5tMLFnmy/yg3qDTft4rE5DY2uJ/cCxCe3q0XTU=
 github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a/go.mod h1:Bw9BbhOJVNR+t0jCqx2GC6zv0TGBsShs56Y3gfSCvl0=
 github.com/fatih/color v1.9.0 h1:8xPHl4/q1VyqGIPif1F+1V3Y3lSmrq01EabUW3CoW5s=
 github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
-github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
-github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
+github.com/joho/godotenv v1.4.0 h1:3l4+N6zfMWnkbPEXKng2o2/MR5mSwTrBih4ZEkkz1lg=
+github.com/joho/godotenv v1.4.0/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA=
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
@@ -22,27 +21,35 @@ github.com/mattn/go-isatty v0.0.11 h1:FxPOTFNqGkuDUGi3H/qkUbQO4ZiBa2brKq5r0l8TGe
 github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/urfave/cli/v2 v2.2.0 h1:JTTnM6wKzdA0Jqodd966MVj4vWbbquZykeX1sKbe2C4=
-github.com/urfave/cli/v2 v2.2.0/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/urfave/cli/v2 v2.8.1 h1:CGuYNZF9IKZY/rfBe3lJpccSoIY1ytfvmgQT90cNOl4=
+github.com/urfave/cli/v2 v2.8.1/go.mod h1:Z41J9TPoffeoqP0Iza0YbAhGvymRdZAd2uPmZ5JxRdY=
+github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
+github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876 h1:sKJQZMuxjOAR/Uo2LBfU90onWEf1dF4C+0hPJCc9Mpc=
-golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201208171446-5f87f3452ae9/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM=
+golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193GlqGZbnPFnPV/5Rsb4=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200219091948-cb0a6d8edb6c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

main.go

@@ -7,7 +7,6 @@ import (
 
 	"github.com/appleboy/easyssh-proxy"
 	"github.com/joho/godotenv"
-	_ "github.com/joho/godotenv/autoload"
 	"github.com/urfave/cli/v2"
 )
 
@@ -17,12 +16,15 @@ var (
 )
 
 func main() {
-	defaultCiphers := []string{"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc"}
+	// Load env-file if it exists first
+	if filename, found := os.LookupEnv("PLUGIN_ENV_FILE"); found {
+		_ = godotenv.Load(filename)
+	}
 
 	app := cli.NewApp()
 	app.Name = "Drone SCP"
 	app.Usage = "Copy files and artifacts via SSH."
-	app.Copyright = "Copyright (c) 2019 Bo-Yi Wu"
+	app.Copyright = "Copyright (c) 2020 Bo-Yi Wu"
 	app.Version = Version
 	app.Authors = []*cli.Author{
 		{
@@ -59,7 +61,16 @@ func main() {
 			Name:    "ciphers",
 			Usage:   "The allowed cipher algorithms. If unspecified then a sensible",
 			EnvVars: []string{"PLUGIN_CIPHERS", "SSH_CIPHERS", "CIPHERS", "INPUT_CIPHERS"},
-			Value:   cli.NewStringSlice(defaultCiphers...),
+		},
+		&cli.BoolFlag{
+			Name:    "useInsecureCipher",
+			Usage:   "include more ciphers with use_insecure_cipher",
+			EnvVars: []string{"PLUGIN_USE_INSECURE_CIPHER", "SSH_USE_INSECURE_CIPHER", "USE_INSECURE_CIPHER", "INPUT_USE_INSECURE_CIPHER"},
+		},
+		&cli.StringFlag{
+			Name:    "fingerprint",
+			Usage:   "fingerprint SHA256 of the host public key, default is to skip verification",
+			EnvVars: []string{"PLUGIN_FINGERPRINT", "SSH_FINGERPRINT", "FINGERPRINT", "INPUT_FINGERPRINT"},
 		},
 		&cli.DurationFlag{
 			Name:    "timeout",
@@ -156,14 +167,10 @@ func main() {
 			Usage:   "build link",
 			EnvVars: []string{"DRONE_BUILD_LINK"},
 		},
-		&cli.StringFlag{
-			Name:  "env-file",
-			Usage: "source env file",
-		},
 		&cli.StringFlag{
 			Name:    "proxy.ssh-key",
 			Usage:   "private ssh key of proxy",
-			EnvVars: []string{"PLUGIN_PROXY_SSH_KEY", "PLUGIN_PROXY_KEY", "PROXY_SSH_KEY", "PROXY_KEY", "INPUT_PROXY_SSH_KEY"},
+			EnvVars: []string{"PLUGIN_PROXY_SSH_KEY", "PLUGIN_PROXY_KEY", "PROXY_SSH_KEY", "PROXY_KEY", "INPUT_PROXY_KEY"},
 		},
 		&cli.StringFlag{
 			Name:    "proxy.ssh-passphrase",
@@ -173,7 +180,7 @@ func main() {
 		&cli.StringFlag{
 			Name:    "proxy.key-path",
 			Usage:   "ssh private key path of proxy",
-			EnvVars: []string{"PLUGIN_PROXY_KEY_PATH", "PROXY_SSH_KEY_PATH", "INPUT_PROXY_SSH_KEY_PATH"},
+			EnvVars: []string{"PLUGIN_PROXY_KEY_PATH", "PROXY_SSH_KEY_PATH", "INPUT_PROXY_KEY_PATH"},
 		},
 		&cli.StringFlag{
 			Name:    "proxy.username",
@@ -195,7 +202,16 @@ func main() {
 			Name:    "proxy.ciphers",
 			Usage:   "The allowed cipher algorithms. If unspecified then a sensible",
 			EnvVars: []string{"PLUGIN_PROXY_CIPHERS", "PROXY_SSH_CIPHERS", "PROXY_CIPHERS", "INPUT_PROXY_CIPHERS"},
-			Value:   cli.NewStringSlice(defaultCiphers...),
+		},
+		&cli.BoolFlag{
+			Name:    "proxy.useInsecureCipher",
+			Usage:   "include more ciphers with use_insecure_cipher",
+			EnvVars: []string{"PLUGIN_PROXY_USE_INSECURE_CIPHER", "SSH_PROXY_USE_INSECURE_CIPHER", "PROXY_USE_INSECURE_CIPHER", "INPUT_PROXY_USE_INSECURE_CIPHER"},
+		},
+		&cli.StringFlag{
+			Name:    "proxy.fingerprint",
+			Usage:   "fingerprint SHA256 of the host public key, default is to skip verification",
+			EnvVars: []string{"PLUGIN_PROXY_FINGERPRINT", "SSH_PROXY_FINGERPRINT", "PROXY_FINGERPRINT", "INPUT_PROXY_FINGERPRINT"},
 		},
 		&cli.StringFlag{
 			Name:    "proxy.port",
@@ -275,10 +291,6 @@ REPOSITORY:
 }
 
 func run(c *cli.Context) error {
-	if c.String("env-file") != "" {
-		_ = godotenv.Load(c.String("env-file"))
-	}
-
 	plugin := Plugin{
 		Repo: Repo{
 			Owner: c.String("repo.owner"),
@@ -295,34 +307,38 @@ func run(c *cli.Context) error {
 			Link:    c.String("build.link"),
 		},
 		Config: Config{
-			Host:            c.StringSlice("host"),
-			Port:            c.String("port"),
-			Username:        c.String("username"),
-			Password:        c.String("password"),
-			Passphrase:      c.String("ssh-passphrase"),
-			Timeout:         c.Duration("timeout"),
-			CommandTimeout:  c.Duration("command.timeout"),
-			Key:             c.String("ssh-key"),
-			KeyPath:         c.String("key-path"),
-			Target:          c.StringSlice("target"),
-			Source:          c.StringSlice("source"),
-			Remove:          c.Bool("rm"),
-			Debug:           c.Bool("debug"),
-			StripComponents: c.Int("strip.components"),
-			TarExec:         c.String("tar.exec"),
-			TarTmpPath:      c.String("tar.tmp-path"),
-			Overwrite:       c.Bool("overwrite"),
-			Ciphers:         c.StringSlice("ciphers"),
+			Host:              c.StringSlice("host"),
+			Port:              c.String("port"),
+			Username:          c.String("username"),
+			Password:          c.String("password"),
+			Passphrase:        c.String("ssh-passphrase"),
+			Fingerprint:       c.String("fingerprint"),
+			Timeout:           c.Duration("timeout"),
+			CommandTimeout:    c.Duration("command.timeout"),
+			Key:               c.String("ssh-key"),
+			KeyPath:           c.String("key-path"),
+			Target:            c.StringSlice("target"),
+			Source:            c.StringSlice("source"),
+			Remove:            c.Bool("rm"),
+			Debug:             c.Bool("debug"),
+			StripComponents:   c.Int("strip.components"),
+			TarExec:           c.String("tar.exec"),
+			TarTmpPath:        c.String("tar.tmp-path"),
+			Overwrite:         c.Bool("overwrite"),
+			Ciphers:           c.StringSlice("ciphers"),
+			UseInsecureCipher: c.Bool("useInsecureCipher"),
 			Proxy: easyssh.DefaultConfig{
-				Key:        c.String("proxy.ssh-key"),
-				Passphrase: c.String("proxy.ssh-passphrase"),
-				KeyPath:    c.String("proxy.key-path"),
-				User:       c.String("proxy.username"),
-				Password:   c.String("proxy.password"),
-				Server:     c.String("proxy.host"),
-				Port:       c.String("proxy.port"),
-				Timeout:    c.Duration("proxy.timeout"),
-				Ciphers:    c.StringSlice("proxy.ciphers"),
+				Key:               c.String("proxy.ssh-key"),
+				Passphrase:        c.String("proxy.ssh-passphrase"),
+				Fingerprint:       c.String("proxy.fingerprint"),
+				KeyPath:           c.String("proxy.key-path"),
+				User:              c.String("proxy.username"),
+				Password:          c.String("proxy.password"),
+				Server:            c.String("proxy.host"),
+				Port:              c.String("proxy.port"),
+				Timeout:           c.Duration("proxy.timeout"),
+				Ciphers:           c.StringSlice("proxy.ciphers"),
+				UseInsecureCipher: c.Bool("proxy.useInsecureCipher"),
 			},
 		},
 	}

path.go

@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package main

path_windows.go

@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package main

pipeline.libsonnet

@@ -9,7 +9,7 @@
     steps: [
       {
         name: 'vet',
-        image: 'golang:1.14',
+        image: 'golang:1.18',
         pull: 'always',
         commands: [
           'make vet',
@@ -21,51 +21,23 @@
           },
         ],
       },
-      {
-        name: 'lint',
-        image: 'golang:1.14',
-        pull: 'always',
-        commands: [
-          'make lint',
-        ],
-        volumes: [
-          {
-            name: 'gopath',
-            path: '/go',
-          },
-        ],
-      },
-      {
-        name: 'misspell',
-        image: 'golang:1.14',
-        pull: 'always',
-        commands: [
-          'make misspell-check',
-        ],
-        volumes: [
-          {
-            name: 'gopath',
-            path: '/go',
-          },
-        ],
-      },
-      {
-        name: 'test',
-        image: 'golang:1.14-alpine',
-        pull: 'always',
-        commands: [
-          'apk add git make curl perl bash build-base zlib-dev ucl-dev',
-          'make ssh-server',
-          'make test',
-          'make coverage',
-        ],
-        volumes: [
-          {
-            name: 'gopath',
-            path: '/go',
-          },
-        ],
-      },
+      // {
+      //   name: 'test',
+      //   image: 'golang:1.18-alpine',
+      //   pull: 'always',
+      //   commands: [
+      //     'apk add git make curl perl bash build-base zlib-dev ucl-dev',
+      //     'make ssh-server',
+      //     'make test',
+      //     'make coverage',
+      //   ],
+      //   volumes: [
+      //     {
+      //       name: 'gopath',
+      //       path: '/go',
+      //     },
+      //   ],
+      // },
       {
         name: 'codecov',
         image: 'robertstettner/drone-codecov',
@@ -93,7 +65,7 @@
     steps: [
       {
         name: 'build-push',
-        image: 'golang:1.14',
+        image: 'golang:1.18',
         pull: 'always',
         environment: {
           CGO_ENABLED: '0',
@@ -109,7 +81,7 @@
       },
       {
         name: 'build-tag',
-        image: 'golang:1.14',
+        image: 'golang:1.18',
         pull: 'always',
         environment: {
           CGO_ENABLED: '0',
@@ -123,7 +95,7 @@
       },
       {
         name: 'executable',
-        image: 'golang:1.14',
+        image: 'golang:1.18',
         pull: 'always',
         commands: [
           './release/' + os + '/' + arch + '/' + name + ' --help',
@@ -188,7 +160,7 @@
     steps: [
       {
         name: 'build-all-binary',
-        image: 'golang:1.14',
+        image: 'golang:1.18',
         pull: 'always',
         commands: [
           'make release'

plugin.go

@@ -45,25 +45,27 @@ type (
 
 	// Config for the plugin.
 	Config struct {
-		Host            []string
-		Port            string
-		Username        string
-		Password        string
-		Key             string
-		Passphrase      string
-		KeyPath         string
-		Timeout         time.Duration
-		CommandTimeout  time.Duration
-		Target          []string
-		Source          []string
-		Remove          bool
-		StripComponents int
-		TarExec         string
-		TarTmpPath      string
-		Proxy           easyssh.DefaultConfig
-		Debug           bool
-		Overwrite       bool
-		Ciphers         []string
+		Host              []string
+		Port              string
+		Username          string
+		Password          string
+		Key               string
+		Passphrase        string
+		Fingerprint       string
+		KeyPath           string
+		Timeout           time.Duration
+		CommandTimeout    time.Duration
+		Target            []string
+		Source            []string
+		Remove            bool
+		StripComponents   int
+		TarExec           string
+		TarTmpPath        string
+		Proxy             easyssh.DefaultConfig
+		Debug             bool
+		Overwrite         bool
+		Ciphers           []string
+		UseInsecureCipher bool
 	}
 
 	// Plugin values.
@@ -151,7 +153,6 @@ func (p Plugin) log(host string, message ...interface{}) {
 func (p *Plugin) removeDestFile(ssh *easyssh.MakeConfig) error {
 	p.log(ssh.Server, "remove file", p.DestFile)
 	_, errStr, _, err := ssh.Run(fmt.Sprintf("rm -rf %s", p.DestFile), p.Config.CommandTimeout)
-
 	if err != nil {
 		return err
 	}
@@ -166,23 +167,29 @@ func (p *Plugin) removeDestFile(ssh *easyssh.MakeConfig) error {
 func (p *Plugin) removeAllDestFile() error {
 	for _, host := range p.Config.Host {
 		ssh := &easyssh.MakeConfig{
-			Server:     host,
-			User:       p.Config.Username,
-			Password:   p.Config.Password,
-			Port:       p.Config.Port,
-			Key:        p.Config.Key,
-			KeyPath:    p.Config.KeyPath,
-			Passphrase: p.Config.Passphrase,
-			Timeout:    p.Config.Timeout,
+			Server:            host,
+			User:              p.Config.Username,
+			Password:          p.Config.Password,
+			Port:              p.Config.Port,
+			Key:               p.Config.Key,
+			KeyPath:           p.Config.KeyPath,
+			Passphrase:        p.Config.Passphrase,
+			Timeout:           p.Config.Timeout,
+			Ciphers:           p.Config.Ciphers,
+			Fingerprint:       p.Config.Fingerprint,
+			UseInsecureCipher: p.Config.UseInsecureCipher,
 			Proxy: easyssh.DefaultConfig{
-				Server:     p.Config.Proxy.Server,
-				User:       p.Config.Proxy.User,
-				Password:   p.Config.Proxy.Password,
-				Port:       p.Config.Proxy.Port,
-				Key:        p.Config.Proxy.Key,
-				KeyPath:    p.Config.Proxy.KeyPath,
-				Passphrase: p.Config.Proxy.Passphrase,
-				Timeout:    p.Config.Proxy.Timeout,
+				Server:            p.Config.Proxy.Server,
+				User:              p.Config.Proxy.User,
+				Password:          p.Config.Proxy.Password,
+				Port:              p.Config.Proxy.Port,
+				Key:               p.Config.Proxy.Key,
+				KeyPath:           p.Config.Proxy.KeyPath,
+				Passphrase:        p.Config.Proxy.Passphrase,
+				Timeout:           p.Config.Proxy.Timeout,
+				Ciphers:           p.Config.Proxy.Ciphers,
+				Fingerprint:       p.Config.Proxy.Fingerprint,
+				UseInsecureCipher: p.Config.Proxy.UseInsecureCipher,
 			},
 		}
 
@@ -276,25 +283,29 @@ func (p *Plugin) Exec() error {
 		go func(host string) {
 			// Create MakeConfig instance with remote username, server address and path to private key.
 			ssh := &easyssh.MakeConfig{
-				Server:     host,
-				User:       p.Config.Username,
-				Password:   p.Config.Password,
-				Port:       p.Config.Port,
-				Key:        p.Config.Key,
-				KeyPath:    p.Config.KeyPath,
-				Passphrase: p.Config.Passphrase,
-				Timeout:    p.Config.Timeout,
-				Ciphers:    p.Config.Ciphers,
+				Server:            host,
+				User:              p.Config.Username,
+				Password:          p.Config.Password,
+				Port:              p.Config.Port,
+				Key:               p.Config.Key,
+				KeyPath:           p.Config.KeyPath,
+				Passphrase:        p.Config.Passphrase,
+				Timeout:           p.Config.Timeout,
+				Ciphers:           p.Config.Ciphers,
+				Fingerprint:       p.Config.Fingerprint,
+				UseInsecureCipher: p.Config.UseInsecureCipher,
 				Proxy: easyssh.DefaultConfig{
-					Server:     p.Config.Proxy.Server,
-					User:       p.Config.Proxy.User,
-					Password:   p.Config.Proxy.Password,
-					Port:       p.Config.Proxy.Port,
-					Key:        p.Config.Proxy.Key,
-					KeyPath:    p.Config.Proxy.KeyPath,
-					Passphrase: p.Config.Proxy.Passphrase,
-					Timeout:    p.Config.Proxy.Timeout,
-					Ciphers:    p.Config.Proxy.Ciphers,
+					Server:            p.Config.Proxy.Server,
+					User:              p.Config.Proxy.User,
+					Password:          p.Config.Proxy.Password,
+					Port:              p.Config.Proxy.Port,
+					Key:               p.Config.Proxy.Key,
+					KeyPath:           p.Config.Proxy.KeyPath,
+					Passphrase:        p.Config.Proxy.Passphrase,
+					Timeout:           p.Config.Proxy.Timeout,
+					Ciphers:           p.Config.Proxy.Ciphers,
+					Fingerprint:       p.Config.Proxy.Fingerprint,
+					UseInsecureCipher: p.Config.Proxy.UseInsecureCipher,
 				},
 			}
 
@@ -304,7 +315,6 @@ func (p *Plugin) Exec() error {
 			// Call Scp method with file you want to upload to remote server.
 			p.log(host, "scp file to server.")
 			err := ssh.Scp(tar, p.DestFile)
-
 			if err != nil {
 				errChannel <- copyError{host, err.Error()}
 				return
@@ -316,7 +326,6 @@ func (p *Plugin) Exec() error {
 					p.log(host, "Remove target folder:", target)
 
 					_, _, _, err := ssh.Run(fmt.Sprintf("rm -rf %s", target), p.Config.CommandTimeout)
-
 					if err != nil {
 						errChannel <- err
 						return
@@ -366,7 +375,6 @@ func (p *Plugin) Exec() error {
 			}
 
 			wg.Done()
-
 		}(host)
 	}
 
@@ -383,7 +391,9 @@ func (p *Plugin) Exec() error {
 			c.Println("drone-scp error: ", err)
 			if _, ok := err.(copyError); !ok {
 				fmt.Println("drone-scp rollback: remove all target tmp file")
-				p.removeAllDestFile()
+				if err := p.removeAllDestFile(); err != nil {
+					return err
+				}
 			}
 			return err
 		}

plugin_test.go

@@ -1,6 +1,8 @@
 package main
 
 import (
+	"io/ioutil"
+	"log"
 	"os"
 	"os/exec"
 	"os/user"
@@ -11,6 +13,7 @@ import (
 
 	"github.com/appleboy/easyssh-proxy"
 	"github.com/stretchr/testify/assert"
+	"golang.org/x/crypto/ssh"
 )
 
 func TestMissingAllConfig(t *testing.T) {
@@ -169,6 +172,90 @@ func TestSCPFileFromPublicKeyWithPassphrase(t *testing.T) {
 	}
 }
 
+func TestWrongFingerprint(t *testing.T) {
+	u, err := user.Lookup("drone-scp")
+	if err != nil {
+		t.Fatalf("Lookup: %v", err)
+	}
+
+	plugin := Plugin{
+		Config: Config{
+			Host:           []string{"localhost"},
+			Username:       "drone-scp",
+			Port:           "22",
+			KeyPath:        "./tests/.ssh/id_rsa",
+			Source:         []string{"tests/a.txt", "tests/b.txt"},
+			Target:         []string{filepath.Join(u.HomeDir, "/test2")},
+			CommandTimeout: 60 * time.Second,
+			TarExec:        "tar",
+			Fingerprint:    "wrong",
+		},
+	}
+
+	err = plugin.Exec()
+	log.Println(err)
+	assert.NotNil(t, err)
+}
+
+func getHostPublicKeyFile(keypath string) (ssh.PublicKey, error) {
+	var pubkey ssh.PublicKey
+	var err error
+	buf, err := ioutil.ReadFile(keypath)
+	if err != nil {
+		return nil, err
+	}
+
+	pubkey, _, _, _, err = ssh.ParseAuthorizedKey(buf)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return pubkey, nil
+}
+
+func TestSCPFileFromPublicKeyWithFingerprint(t *testing.T) {
+	if os.Getenv("SSH_AUTH_SOCK") != "" {
+		if err := exec.Command("eval", "`ssh-agent -k`").Run(); err != nil {
+			t.Fatalf("exec: %v", err)
+		}
+	}
+
+	u, err := user.Lookup("drone-scp")
+	if err != nil {
+		t.Fatalf("Lookup: %v", err)
+	}
+
+	hostKey, err := getHostPublicKeyFile("/etc/ssh/ssh_host_rsa_key.pub")
+	assert.NoError(t, err)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:           []string{"localhost"},
+			Username:       "drone-scp",
+			Port:           "22",
+			KeyPath:        "./tests/.ssh/id_rsa",
+			Fingerprint:    ssh.FingerprintSHA256(hostKey),
+			Source:         []string{"tests/a.txt", "tests/b.txt"},
+			Target:         []string{filepath.Join(u.HomeDir, "/test2")},
+			CommandTimeout: 60 * time.Second,
+			TarExec:        "tar",
+		},
+	}
+
+	err = plugin.Exec()
+	assert.Nil(t, err)
+
+	// check file exist
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "/test2/tests/a.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "/test2/tests/b.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+}
+
 func TestSCPWildcardFileList(t *testing.T) {
 	if os.Getenv("SSH_AUTH_SOCK") != "" {
 		if err := exec.Command("eval", "`ssh-agent -k`").Run(); err != nil {
@@ -284,6 +371,40 @@ func TestStripComponentsFlag(t *testing.T) {
 	}
 }
 
+func TestUseInsecureCipherFlag(t *testing.T) {
+	u, err := user.Lookup("drone-scp")
+	if err != nil {
+		t.Fatalf("Lookup: %v", err)
+	}
+
+	plugin := Plugin{
+		Config: Config{
+			Host:              []string{"localhost"},
+			Username:          "drone-scp",
+			Port:              "22",
+			KeyPath:           "tests/.ssh/id_rsa",
+			Source:            []string{"tests/global/*"},
+			StripComponents:   2,
+			Target:            []string{filepath.Join(u.HomeDir, "123")},
+			CommandTimeout:    60 * time.Second,
+			TarExec:           "tar",
+			UseInsecureCipher: true,
+		},
+	}
+
+	err = plugin.Exec()
+	assert.Nil(t, err)
+
+	// check file exist
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "123/c.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "123/d.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+}
+
 func TestIgnoreList(t *testing.T) {
 	if os.Getenv("SSH_AUTH_SOCK") != "" {
 		if err := exec.Command("eval", "`ssh-agent -k`").Run(); err != nil {