Add accept-new as valid option for ssh_config host key checking #8257

Merged 3 commits on Apr 21, 2024

Maxopoly

SUMMARY

Fixes #8177

ISSUE TYPE

  • Feature Pull Request

COMPONENT NAME

ssh_config

ADDITIONAL INFORMATION

As described in #8177

OpenSSH 7.6 introduced a new value accept-new for StrictHostKeyChecking, which allows automatically adding fingerprints for new hosts to ~/.ssh/known_hosts but still blocks the connection attempt if the fingerprint changes (e.g. MITM attack).

This PR adds this value to the valid settings for strict_host_key_checking
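
The policy difference described in the pull request above, as an added Python sketch that is not part of the PR, the ssh_config module or OpenSSH: it models the documented outcomes of the StrictHostKeyChecking values yes, accept-new and no against a constructed, unhashed known_hosts sample. The function names, host names and key blobs are assumptions made for the illustration; the interactive value ask is left out.

```python
# Added illustration: models the documented StrictHostKeyChecking policies.
# It is not OpenSSH's or the ssh_config module's code.

# Constructed known_hosts content (unhashed entries, placeholder key blobs).
SAMPLE_KNOWN_HOSTS = """\
# constructed sample
web01.example.test ssh-ed25519 AAAAC3Nza-constructed-key-web01
db01.example.test,192.0.2.10 ssh-ed25519 AAAAC3Nza-constructed-key-db01
"""


def parse_known_hosts(text):
    """Map (hostname, key type) -> key blob for plain (unhashed) entries."""
    known = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip comments, @cert-authority/@revoked markers and hashed hosts.
        if not line or line.startswith(("#", "@", "|")):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, key_type, blob = fields[:3]
        for host in hosts.split(","):
            known[(host, key_type)] = blob
    return known


def decide(policy, known, host, key_type, blob):
    """Return (connect, add_to_known_hosts) for a key offered by `host`.

    Simplification (assumption): one recorded key per (host, key type).
    """
    if policy not in ("yes", "accept-new", "no"):
        raise ValueError("unsupported policy: %r" % policy)
    stored = known.get((host, key_type))
    if stored == blob:
        return (True, False)  # known host, key matches
    if stored is None:
        # Unknown host: only 'yes' refuses; the other values record the key.
        return (policy != "yes", policy != "yes")
    # Offered key differs from the recorded one: only 'no' lets it through.
    return (policy == "no", False)
```

For a changed key, accept-new gives the same refusal as yes; the two differ only for hosts that have no entry yet.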

Maxopoly changed the title from "Add accept-new as valid option for host key checking" to "Add accept-new as valid option for ss_config host key checking" Apr 21, 2024
Maxopoly changed the title from "Add accept-new as valid option for ss_config host key checking" to "Add accept-new as valid option for ssh_config host key checking" Apr 21, 2024
ansibullbot added the labels feature (This issue/PR relates to a feature request), has_issue, module (module), plugins (plugin (any type)) Apr 21, 2024
felixfontein added the labels check-before-release (PR will be looked at again shortly before release and merged if possible.), backport-8 (Automatically create a backport for the stable-8 branch) Apr 21, 2024

@felixfontein felixfontein left a comment

Thanks for your contribution!

plugins/modules/ssh_config.py (resolved)
plugins/modules/ssh_config.py (outdated, resolved)
Co-authored-by: Felix Fontein <felix@fontein.de>
@Maxopoly Maxopoly requested a review from felixfontein April 21, 2024 14:28

@felixfontein felixfontein left a comment

Looks good to me. Will merge later today.

felixfontein removed the label check-before-release (PR will be looked at again shortly before release and merged if possible.) Apr 21, 2024
@felixfontein felixfontein merged commit af1c5dd into ansible-collections:main Apr 21, 2024
132 of 133 checks passed

patchback bot commented Apr 21, 2024

Backport to stable-8: 💚 backport PR created

✅ Backport PR branch: patchback/backports/stable-8/af1c5dd7853df3f99c7ee2dfec13df00e7c2dc74/pr-8257

Backported as #8267

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

patchback bot pushed a commit that referenced this pull request Apr 21, 2024
* Add accept-new as valid option for host key checking

* Add changelog fragment for #8257

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit af1c5dd)
@felixfontein

@Maxopoly thanks for your contribution!

felixfontein pushed a commit that referenced this pull request Apr 21, 2024
… for ssh_config host key checking (#8267)

Add accept-new as valid option for ssh_config host key checking (#8257)

* Add accept-new as valid option for host key checking

* Add changelog fragment for #8257

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit af1c5dd)

Co-authored-by: Maxopoly <max@dermax.org>
aretrosen pushed a commit to aretrosen/community.general that referenced this pull request Apr 22, 2024
…ble-collections#8257)

* Add accept-new as valid option for host key checking

* Add changelog fragment for ansible-collections#8257

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
Successfully merging this pull request may close these issues.

[ssh_config] Enable value accept-new for option strict_host_key_checking