From 8ffe005e21cdbbe1338df06f57d21c9e5d80c352 Mon Sep 17 00:00:00 2001
From: Ryan Johnson
Date: Mon, 14 Oct 2024 22:50:02 -0400
Subject: [PATCH] fix: insecure host key

Uses the knownhosts package to validate the host key.

Signed-off-by: Ryan Johnson
---
 builder/vmware/common/driver_esxi.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/builder/vmware/common/driver_esxi.go b/builder/vmware/common/driver_esxi.go
index f1a7e57e..27986c76 100644
--- a/builder/vmware/common/driver_esxi.go
+++ b/builder/vmware/common/driver_esxi.go
@@ -37,6 +37,7 @@ import (
 packersdk "github.com/hashicorp/packer-plugin-sdk/packer"
 "github.com/hashicorp/packer-plugin-sdk/sdk-internals/communicator/ssh"
 gossh "golang.org/x/crypto/ssh"
+ "golang.org/x/crypto/ssh/knownhosts"
 )

 // EsxiDriver is a driver for building virtual machines on an ESXi host.
@@ -747,12 +748,18 @@ func (d *EsxiDriver) connect() error {
 auth = append(auth, gossh.PublicKeys(signer))
 }

+ knownHostsFile := filepath.Join(os.Getenv("HOME"), ".ssh", "known_hosts")
+ hostKeyCallback, err := knownhosts.New(knownHostsFile)
+ if err != nil {
+ return err
+ }
+
 sshConfig := &ssh.Config{
 Connection: ssh.ConnectFunc("tcp", address),
 SSHConfig: &gossh.ClientConfig{
 User: d.Username,
 Auth: auth,
- HostKeyCallback: gossh.InsecureIgnoreHostKey(),
+ HostKeyCallback: hostKeyCallback,
 },
 }
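Review bot: The known_hosts path in connect() is built from `os.Getenv("HOME")`, which is empty when HOME is unset (normally the case on Windows), so `filepath.Join` yields the relative path `.ssh/known_hosts` and the trust anchor for the ESXi host key is then looked up in the process working directory. Resolving the directory with `os.UserHomeDir()` and returning an error when it cannot be determined keeps the lookup tied to the user's own file. The bare `return err` after `knownhosts.New` also gives no hint of which file was expected when it is missing, so wrapping it with the path would help; this assumes `fmt` is already imported in the file, which the hunk does not show. connect() begins and ends outside the hunk.

```go
	// Resolve the home directory portably rather than trusting $HOME to be set.
	home, err := os.UserHomeDir()
	if err != nil {
		return fmt.Errorf("locating home directory for known_hosts: %w", err)
	}
	knownHostsFile := filepath.Join(home, ".ssh", "known_hosts")
	hostKeyCallback, err := knownhosts.New(knownHostsFile)
	if err != nil {
		return fmt.Errorf("loading SSH known hosts from %q: %w", knownHostsFile, err)
	}
	// … unchanged: sshConfig literal using hostKeyCallback …
```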