[PR #180] [MERGED] accountModify - Add a new `accept-new` POLICY in egress-strict-host-key-checking parameter #295

New issue

Closed

opened 2026-05-07 00:20:14 +02:00 by BreizhHardware · 0 comments

BreizhHardware commented

2026-05-07 00:20:14 +02:00

Owner

📋 Pull Request Information

Original PR: https://github.com/ovh/the-bastion/pull/180
Author: @jonathanmarsaud
Created: 5/14/2021
Status: ✅ Merged
Merged: 5/19/2021
Merged by: @speed47

Base: master ← Head: shkc_accept-new

📝 Commits (1)

b5b8b04 accountModify - Add a new accept-new POLICY in egress-strict-host-key-checking parameter

📊 Changes

5 files changed (+20 additions, -12 deletions)

View changed files

📝 bin/helper/osh-accountModify (+1 -1)
📝 bin/plugin/restricted/accountModify (+3 -3)
📝 bin/plugin/restricted/accountModify.json (+7 -7)
📝 doc/sphinx/plugins/restricted/accountModify.rst (+1 -1)
📝 tests/functional/tests.d/330-selfkeys.sh (+8 -0)

📄 Description

Hi,

Currently, the parameter --egress-strict-host-key-checking of accountModify plugin only supports yes, no, ask, default, bypass and then references man ssh_config for additional informations.

One of the keyword is missing, it is called accept-new and is very convenient in our usage with The Bastion and CI/CD. It permits to auto accept new HostKeys but blocks in case of the already auto accepted HostKey is changed, to avoid MitM.
It something between yes and no.

I tested this code in our The Bastion test cluster which is running v3.03.01.

Regards,
DCO: Signed-off-by: Jonathan Marsaud jonathan.marsaud@iguanesolutions.com

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/ovh/the-bastion/pull/180 **Author:** [@jonathanmarsaud](https://github.com/jonathanmarsaud) **Created:** 5/14/2021 **Status:** ✅ Merged **Merged:** 5/19/2021 **Merged by:** [@speed47](https://github.com/speed47) **Base:** `master` ← **Head:** `shkc_accept-new` --- ### 📝 Commits (1) - [`b5b8b04`](https://github.com/ovh/the-bastion/commit/b5b8b041049cf033e5de3c97c1fcf5017f2d377a) accountModify - Add a new `accept-new` POLICY in egress-strict-host-key-checking parameter ### 📊 Changes **5 files changed** (+20 additions, -12 deletions) <details> <summary>View changed files</summary> 📝 `bin/helper/osh-accountModify` (+1 -1) 📝 `bin/plugin/restricted/accountModify` (+3 -3) 📝 `bin/plugin/restricted/accountModify.json` (+7 -7) 📝 `doc/sphinx/plugins/restricted/accountModify.rst` (+1 -1) 📝 `tests/functional/tests.d/330-selfkeys.sh` (+8 -0) </details> ### 📄 Description Hi, Currently, the parameter `--egress-strict-host-key-checking` of `accountModify` plugin only supports `yes`, `no`, `ask`, `default`, `bypass` and then references `man ssh_config` for additional informations. One of the keyword is missing, it is called `accept-new` and is very convenient in our usage with The Bastion and CI/CD. It permits to auto accept new HostKeys but blocks in case of the already auto accepted HostKey is changed, to avoid MitM. It something between `yes` and `no`. I tested this code in our The Bastion test cluster which is running `v3.03.01`. Regards, DCO: Signed-off-by: Jonathan Marsaud <jonathan.marsaud@iguanesolutions.com> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>