Tootfinder

Many #Terraform providers using SSH do not check the SSH host key... they just run with ssh.InsecureIgnoreHostKey...
And to be honest, it is partly the fault of the SSH standard library which makes it super easy to ignore the host key and does not provide any useful builtin key verification function. People are lazy. ssh.FixedHostKey is niche.
So I implemented a small library to v…

sshhostkey
Provides a SSH HostKeyCallback builder to check keys with known_hosts files, entries or SSHFP (over classic DNS, DoT and DoH)