From 5d1b9f1062d38c301c0995ec6da980bdf5e48332 Mon Sep 17 00:00:00 2001
From: Paul Buetow <paul@buetow.org>
Date: Thu, 5 Mar 2026 08:50:33 +0200
Subject: Improve lint/vet reliability and refactor client runtime/bootstrap

---
 internal/ssh/client/knownhostscallback.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'internal/ssh/client')

diff --git a/internal/ssh/client/knownhostscallback.go b/internal/ssh/client/knownhostscallback.go
index 9c73864..26ab245 100644
--- a/internal/ssh/client/knownhostscallback.go
+++ b/internal/ssh/client/knownhostscallback.go
@@ -243,8 +243,7 @@ func (c *KnownHostsCallback) trustHosts(hosts []unknownHost) {
 	}
 
 	// Read old known hosts file, to see which are old and new entries
-	os.OpenFile(c.knownHostsPath, os.O_RDONLY|os.O_CREATE, 0666)
-	oldFd, err := os.Open(c.knownHostsPath)
+	oldFd, err := os.OpenFile(c.knownHostsPath, os.O_RDONLY|os.O_CREATE, 0600)
 	if err != nil {
 		panic(err)
 	}
@@ -257,9 +256,14 @@ func (c *KnownHostsCallback) trustHosts(hosts []unknownHost) {
 		address := strings.SplitN(line, " ", 2)[0]
 
 		if _, ok := addresses[address]; !ok {
-			newFd.WriteString(fmt.Sprintf("%s\n", line))
+			if _, err := newFd.WriteString(fmt.Sprintf("%s\n", line)); err != nil {
+				panic(err)
+			}
 		}
 	}
+	if err := scanner.Err(); err != nil {
+		panic(err)
+	}
 
 	// Now, replace old known hosts file
 	if err := os.Rename(tmpKnownHostsPath, c.knownHostsPath); err != nil {
-- 
cgit v1.2.3