[PR #593] feat: add try-personal-keys option for groups #598

New issue

Open

opened 2026-05-07 00:21:42 +02:00 by BreizhHardware · 0 comments

BreizhHardware commented

2026-05-07 00:21:42 +02:00

Owner

📋 Pull Request Information

Original PR: https://github.com/ovh/the-bastion/pull/593
Author: @jon4hz
Created: 10/1/2025
Status: 🔄 Open

Base: master ← Head: feat-group-use-personal-keys

📝 Commits (2)

b6e7dfd feat: add try-personal-keys policy for groups
9b8baf1 fix: return booleans as 1 and 0 in the api

📊 Changes

7 files changed (+181 additions, -6 deletions)

View changed files

📝 bin/helper/osh-groupModify (+28 -3)
📝 bin/plugin/group-owner/groupModify (+16 -2)
📝 bin/plugin/open/groupInfo (+16 -0)
📝 bin/shell/connect.pl (+2 -1)
📝 lib/perl/OVH/Bastion.pm (+1 -0)
📝 lib/perl/OVH/Bastion/allowdeny.inc (+36 -0)
📝 tests/functional/tests.d/350-groups.sh (+82 -0)

📄 Description

Hi again,

I don't want to spam you with pull requests, but I've had quite some time to work on The Bastion.

With this PR, I've implemented the discussed --try-personal-keys feature from #585.
If a group enables this policy using groupModify --group mygroup --try-personal-keys yes, all connection attempts to servers from this group will try the user's personal ssh keys as well as the ones from the group.
The policy will also apply to guest accesses.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/ovh/the-bastion/pull/593 **Author:** [@jon4hz](https://github.com/jon4hz) **Created:** 10/1/2025 **Status:** 🔄 Open **Base:** `master` ← **Head:** `feat-group-use-personal-keys` --- ### 📝 Commits (2) - [`b6e7dfd`](https://github.com/ovh/the-bastion/commit/b6e7dfd1cced12327d53cd5ce6963e140dec68a9) feat: add try-personal-keys policy for groups - [`9b8baf1`](https://github.com/ovh/the-bastion/commit/9b8baf160707be2debcb64baee68d1a30e450f84) fix: return booleans as 1 and 0 in the api ### 📊 Changes **7 files changed** (+181 additions, -6 deletions) <details> <summary>View changed files</summary> 📝 `bin/helper/osh-groupModify` (+28 -3) 📝 `bin/plugin/group-owner/groupModify` (+16 -2) 📝 `bin/plugin/open/groupInfo` (+16 -0) 📝 `bin/shell/connect.pl` (+2 -1) 📝 `lib/perl/OVH/Bastion.pm` (+1 -0) 📝 `lib/perl/OVH/Bastion/allowdeny.inc` (+36 -0) 📝 `tests/functional/tests.d/350-groups.sh` (+82 -0) </details> ### 📄 Description Hi again, I don't want to spam you with pull requests, but I've had quite some time to work on The Bastion. With this PR, I've implemented the discussed `--try-personal-keys` feature from #585. If a group enables this policy using `groupModify --group mygroup --try-personal-keys yes`, all connection attempts to servers from this group will try the user's personal ssh keys as well as the ones from the group. The policy will also apply to guest accesses. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>