[PR #228] [CLOSED] Feat: Add SSHFP support for egress connections #326

New issue

Closed

opened 2026-05-07 00:20:22 +02:00 by BreizhHardware · 0 comments

BreizhHardware commented

2026-05-07 00:20:22 +02:00

Owner

📋 Pull Request Information

Original PR: https://github.com/ovh/the-bastion/pull/228
Author: @coimbrap
Created: 8/16/2021
Status: ❌ Closed

Base: master ← Head: feat/sshfp_for_egress

📝 Commits (2)

9a66f48 feat: use hostname instead of ip for ssh in osh
8f75b00 feat: use hostname instead of ip for scp in plugin scp

📊 Changes

2 files changed (+5 additions, -3 deletions)

View changed files

📝 bin/plugin/open/scp (+3 -1)
📝 bin/shell/osh.pl (+2 -2)

📄 Description

Allow SSHFP fields to be used for connections between The Bastion and backends.

For SSH we just replace $ip by $hostto and for SCP we use ip2host with $ip to obtain hostname.

When the host cannot be resolved or no SSHFP fields available (dns unreachable or no SSHFP / PTR entry):, classical TOFU is used

ip2host call :

my $hostto = OVH::Bastion::ip2host($ip)->value || $ip;

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/ovh/the-bastion/pull/228 **Author:** [@coimbrap](https://github.com/coimbrap) **Created:** 8/16/2021 **Status:** ❌ Closed **Base:** `master` ← **Head:** `feat/sshfp_for_egress` --- ### 📝 Commits (2) - [`9a66f48`](https://github.com/ovh/the-bastion/commit/9a66f48977432339f8851a58765bdfc17bebbd44) feat: use hostname instead of ip for ssh in osh - [`8f75b00`](https://github.com/ovh/the-bastion/commit/8f75b009fd8083662cb4f2ee356a44f4370d6bfc) feat: use hostname instead of ip for scp in plugin scp ### 📊 Changes **2 files changed** (+5 additions, -3 deletions) <details> <summary>View changed files</summary> 📝 `bin/plugin/open/scp` (+3 -1) 📝 `bin/shell/osh.pl` (+2 -2) </details> ### 📄 Description Allow SSHFP fields to be used for connections between The Bastion and backends. For SSH we just replace `$ip` by `$hostto` and for SCP we use `ip2host` with `$ip` to obtain hostname. When the host cannot be resolved or no SSHFP fields available (dns unreachable or no SSHFP / PTR entry):, classical TOFU is used `ip2host` call : ``` my $hostto = OVH::Bastion::ip2host($ip)->value || $ip; ``` --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>