use proxy.Dial instead of net.Dial for ScanHostKey

ssh.Dial uses net.DialTimeout under the hood
and there is no possibility to use a proxy
when running command like `flux create source git`

so we use almost all internal implementation of ssh.Dial
except net.DialTimeout is replaced with proxy.Dial
like it is done in go-git

Author: adone

ssh/go.mod

@@ -5,11 +5,11 @@ go 1.22.0
 require (
 	github.com/onsi/gomega v1.34.2
 	golang.org/x/crypto v0.27.0
+	golang.org/x/net v0.29.0
 )
 
 require (
 	github.com/google/go-cmp v0.6.0 // indirect
-	golang.org/x/net v0.29.0 // indirect
 	golang.org/x/sys v0.25.0 // indirect
 	golang.org/x/text v0.18.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

ssh/host_key.go

@@ -17,13 +17,15 @@ limitations under the License.
 package ssh
 
 import (
+	"context"
 	"encoding/base64"
 	"fmt"
 	"net"
 	"time"
 
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/crypto/ssh/knownhosts"
+	"golang.org/x/net/proxy"
 )
 
 // ScanHostKey collects the given host's preferred public key for the
@@ -45,10 +47,20 @@ func ScanHostKey(host string, timeout time.Duration, clientHostKeyAlgos []string
 		config.HostKeyAlgorithms = clientHostKeyAlgos
 	}
 
-	client, err := ssh.Dial("tcp", host, config)
-	if err == nil {
-		defer client.Close()
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+	// support for ALL_PROXY ENV varaible
+	conn, err := proxy.Dial(ctx, "tcp", host)
+	if err != nil {
+		return nil, err
 	}
+	c, chans, reqs, err := ssh.NewClientConn(conn, host, config)
+	if err != nil {
+		return nil, err
+	}
+	client := ssh.NewClient(c, chans, reqs)
+	defer client.Close()
+
 	if len(col.knownKeys) > 0 {
 		return col.knownKeys, nil
 	}