What version of Go are you using (go version)?

$ go version
go version go1.14.4 windows/amd64

I'd like to submit a PR to include the option of an interactive prompt for host key verification in the case where the host key is not present in the known_hosts sources. Adding a prompt like what exists with the ssh CLI tool would be nice for other interactive tools that use this package.

Example:

The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:un8VXgUIyeqFIkd/l+avJyKOQvIvuthI8wkva0OmclU.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Current function:

func New(files ...string) (ssh.HostKeyCallback, error)

There are a few different ways I could see this going, so I'm requesting feedback on what would be most preferable.

Approach 1
I think this would be most easily done by adding a function to the x/crypto/ssh/knownhosts package to specify that verification should be interactive. This could be added at this line.

Proposed added function:

// NewInteractive creates a HostKeyCallback with an extended HostKeyFallback that
// shows an interactive prompt. If the user accepts the host key signature, then the
// key will be added to all sources specified by the 'files' parameter.
func NewInteractive(files ...string) (ssh.HostKeyCallback, error)

Approach 2
Alternatively, an option to include a handler for this functionality could be added so the user can make their own determinations about how to handle this situation. This may be preferable for some, but puts the extended verification process in the hands of the devs using this package. This is arguable not ideal considering that the existing verification processes are behind unexported functions, which seems to indicate that you're not trying to expose people to much of the complexity of host cert/key verification.

// UnknownHostKeyHandler allows the caller to provide an additional handler that gets called
// in the event that the host key is not revoked and not found in any of the provided known_hosts
// file locations.
type UnknownHostKeyHandler func(hostname string, remote net.Addr, key PublicKey) error

// NewInteractive enables the use of an UnknownHostKeyHandler.
func NewInteractive(unknownHandler UnknownHostKeyHandler, files ...string) (ssh.HostKeyCallback, error) {
    /* ... */
}

Approach 3
Another way to extend this could be with a configuration object that is passed to a new New function. This would provide an extension point for later use and provide the desired interactive behavior. I don't think there's a whole lot that would need to be added to this package and still fit within its scope, but it's an option nonetheless.

// InteractivePrompt uses the provided information to construct an interactive prompt string
// that is displayed to the user.
type InteractivePrompt func(hostname string, remote net.Addr, key PublicKey) string

// HostVerificationConfig allows callers to customize host verification.
type HostVerificationConfig struct {
    InteractiveHostKey bool,
    Prompt InteractivePrompt,
}

// NewCustom allows the caller to provide HostVerificationConfig to customize the host verification process.
func NewCustom(verificationConfig HostVerificationConfig, files ...string) (ssh.HostKeyCallback, error) {
    /* ... */
}