Add host_key_algorithms configuration option

CHANGELOG.md

@@ -1,7 +1,8 @@
 ## 0.2.0 / TBD
 
 * Update to 1.15 and update Go module dependencies
-* Add known_hosts configuration option to allow verifying SSH hosts against known hosts
+* Add `known_hosts` configuration option to allow verifying SSH hosts against known hosts
+* Add `host_key_algorithms` configuration option to specify host key algorithms to use when verifying SSH hosts
 
 ## 0.1.1 / 2020-04-01
 

README.md

@@ -37,6 +37,8 @@ modules:
  user: prometheus
  private_key: /home/prometheus/.ssh/id_rsa
  known_hosts: /etc/ssh/ssh_known_hosts
+ host_key_algorithms:
+ - ssh-rsa
  command: uptime
  command_expect: "load average"
  timeout: 5
@@ -55,6 +57,8 @@ Configuration options for each module:
 * `password` - The password for the SSH connection, required if `private_key` is not specified
 * `private_key` - The SSH private key for the SSH connection, required if `password` is not specified
 * `known_hosts` - Optional SSH known hosts file to use to verify hosts
+* `host_key_algorithms` - Optional list of SSH host key algorithms to use
+ * See constants beginning with `KeyAlgo*` in [crypto/ssh](https://godoc.org/golang.org/x/crypto/ssh#pkg-constants)
 * `timeout` - Optional timeout of the SSH connection, session and optional command.
  * The default comes from the `--collector.ssh.default-timeout` flag.
 * `command` - Optional command to run.

collector/collector.go

@@ -106,10 +106,11 @@ func (c *Collector) collect() Metric {
  }
 
  sshConfig := &ssh.ClientConfig{
- User: c.target.User,
- Auth: []ssh.AuthMethod{auth},
- HostKeyCallback: hostKeyCallback(&metric, c.target, c.logger),
- Timeout: time.Duration(c.target.Timeout) * time.Second,
+ User: c.target.User,
+ Auth: []ssh.AuthMethod{auth},
+ HostKeyCallback: hostKeyCallback(&metric, c.target, c.logger),
+ HostKeyAlgorithms: c.target.HostKeyAlgorithms,
+ Timeout: time.Duration(c.target.Timeout) * time.Second,
  }
  connection, err := ssh.Dial("tcp", c.target.Host, sshConfig)
  if err != nil {

config/config.go

@@ -31,25 +31,27 @@ type SafeConfig struct {
 }
 
 type Module struct {
- ModuleName string
- User string `yaml:"user"`
- Password string `yaml:"password"`
- PrivateKey string `yaml:"private_key"`
- KnownHosts string `yaml:"known_hosts"`
- Timeout int `yaml:"timeout"`
- Command string `yaml:"command"`
- CommandExpect string `yaml:"command_expect"`
+ ModuleName string
+ User string `yaml:"user"`
+ Password string `yaml:"password"`
+ PrivateKey string `yaml:"private_key"`
+ KnownHosts string `yaml:"known_hosts"`
+ HostKeyAlgorithms []string `yaml:"host_key_algorithms"`
+ Timeout int `yaml:"timeout"`
+ Command string `yaml:"command"`
+ CommandExpect string `yaml:"command_expect"`
 }
 
 type Target struct {
- Host string
- User string
- Password string
- PrivateKey string
- KnownHosts string
- Timeout int
- Command string
- CommandExpect string
+ Host string
+ User string
+ Password string
+ PrivateKey string
+ KnownHosts string
+ HostKeyAlgorithms []string
+ Timeout int
+ Command string
+ CommandExpect string
 }
 
 func (sc *SafeConfig) ReloadConfig(configFile string) error {

ssh_exporter.go

@@ -59,14 +59,15 @@ func metricsHandler(c *config.Config, logger log.Logger) http.HandlerFunc {
  }
 
  target := &config.Target{
- Host: t,
- User: module.User,
- Password: module.Password,
- PrivateKey: module.PrivateKey,
- KnownHosts: module.KnownHosts,
- Timeout: module.Timeout,
- Command: module.Command,
- CommandExpect: module.CommandExpect,
+ Host: t,
+ User: module.User,
+ Password: module.Password,
+ PrivateKey: module.PrivateKey,
+ KnownHosts: module.KnownHosts,
+ HostKeyAlgorithms: module.HostKeyAlgorithms,
+ Timeout: module.Timeout,
+ Command: module.Command,
+ CommandExpect: module.CommandExpect,
  }
  sshCollector := collector.NewCollector(target, log.With(logger, "target", target.Host))
  registry.MustRegister(sshCollector)