From 6e18c9215adcedf12d0ff735e10e83eea09e6dae Mon Sep 17 00:00:00 2001
From: Boshi Lian <farmer1992@gmail.com>
Date: Sun, 17 May 2020 08:32:48 -0700
Subject: [PATCH 1/2] knownhost to support reader

---
 ssh/knownhosts/reader.go      | 21 +++++++++++++++++++++
 ssh/knownhosts/reader_test.go | 17 +++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 ssh/knownhosts/reader.go
 create mode 100644 ssh/knownhosts/reader_test.go

diff --git a/ssh/knownhosts/reader.go b/ssh/knownhosts/reader.go
new file mode 100644
index 0000000000..62ab7b3178
--- /dev/null
+++ b/ssh/knownhosts/reader.go
@@ -0,0 +1,21 @@
+package knownhosts
+
+import (
+	"io"
+
+	"golang.org/x/crypto/ssh"
+)
+
+func NewFromReader(r io.Reader) (ssh.HostKeyCallback, error) {
+	db := newHostKeyDB()
+	if err := db.Read(r, ""); err != nil {
+		return nil, err
+	}
+
+	var certChecker ssh.CertChecker
+	certChecker.IsHostAuthority = db.IsHostAuthority
+	certChecker.IsRevoked = db.IsRevoked
+	certChecker.HostKeyFallback = db.check
+
+	return certChecker.CheckHostKey, nil
+}
diff --git a/ssh/knownhosts/reader_test.go b/ssh/knownhosts/reader_test.go
new file mode 100644
index 0000000000..72b0890091
--- /dev/null
+++ b/ssh/knownhosts/reader_test.go
@@ -0,0 +1,17 @@
+package knownhosts
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+)
+
+func TestNewFromReader(t *testing.T) {
+	str := fmt.Sprintf("server*.domain %s", edKeyStr)
+
+	_, err := NewFromReader(strings.NewReader(str))
+	if err != nil {
+		t.Fatalf("cannot read from string: %v", err)
+	}
+
+}

From 4b4a3535e6e7731b9c7ea3010acb50fa4236892a Mon Sep 17 00:00:00 2001
From: Boshi Lian <farmer1992@gmail.com>
Date: Sun, 17 May 2020 08:31:50 -0700
Subject: [PATCH 2/2] add comment

---
 ssh/knownhosts/reader.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ssh/knownhosts/reader.go b/ssh/knownhosts/reader.go
index 62ab7b3178..68a39bda66 100644
--- a/ssh/knownhosts/reader.go
+++ b/ssh/knownhosts/reader.go
@@ -6,6 +6,12 @@ import (
 	"golang.org/x/crypto/ssh"
 )
 
+// NewFromReader creates a host key callback from the given OpenSSH host io.Reader
+// which is in SSH_KNOWN_HOSTS_FILE_FORMAT. The returned callback is for use in
+// ssh.ClientConfig.HostKeyCallback. By preference, the key check
+// operates on the hostname if available, i.e. if a server changes its
+// IP address, the host key check will still succeed, even though a
+// record of the new IP address is not available.
 func NewFromReader(r io.Reader) (ssh.HostKeyCallback, error) {
 	db := newHostKeyDB()
 	if err := db.Read(r, ""); err != nil {