srvrco / getssl

Obtain free SSL certificates from letsencrypt ACME server. Suitable for automating the process on remote servers.
GNU General Public License v3.0

SSH_OPTS not working #854

Open DO1JLR opened 1 month ago

DO1JLR commented 1 month ago

SSH_OPTS not working?

Hi there, I have added the following config to my getssl account config:

SSH_OPTS="-o StrictHostKeyChecking=accept-new"

Unfortunately, the option does not work and ssh still asks me for ssh key confirmation.

To reproduce.

  1. Create getssl account config with options like:
    SSH_OPTS="-o StrictHostKeyChecking=accept-new"
    RELOAD_CMD="ssh:username@localhost:sudo /bin/systemctl reload nginx.service"
    DOMAIN_CHAIN_LOCATION="ssh:username@localhost:/home/username/example.com.crt"
  2. Make sure your .ssh/known_hosts doesn't contain an entry for localhost
  3. Install a certificate
  4. You will be asked to confirm your SSH key fingerprint

Expected behavior

I expected not to be asked to confirm my SSH key fingerprint.

Operating system:

Additional context

BTW, if I add a file ~/.ssh/config with StrictHostKeyChecking=accept-new as content, it works as expected.

timkimber commented 1 month ago

Hi @DO1JLR

Thanks for raising this issue and especially for the easy-to-follow instructions to reproduce! I was going to suggest just using ssh-keygen -R localhost instead of StrictHostKeyChecking=accept-new, but I will instead check to see if there's an issue with how SSH_OPTS is passed to ssh.
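
The reply above mentions checking how SSH_OPTS is passed to ssh. The following script is an added example, not getssl's code and not written by either commenter: a stand-in ssh prints the argv it receives, so one can see whether `-o StrictHostKeyChecking=accept-new` arrives as an option and its value. The stub and the three call styles (`call_split`, `call_quoted`, `call_dropped`) are hypothetical illustrations of how a wrapper script might build the command line; none is claimed to be what getssl does.

```shell
#!/bin/sh
# Added example. SSH_OPTS is the value from the config quoted in the issue.
SSH_OPTS="-o StrictHostKeyChecking=accept-new"

# Create a stand-in "ssh" (hypothetical helper) that prints each argv entry
# on its own line in brackets, then print the directory that holds it.
make_stub() {
    stub_dir=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/sh' 'for a in "$@"; do printf "[%s]\n" "$a"; done' \
        > "$stub_dir/ssh"
    chmod +x "$stub_dir/ssh"
    printf '%s\n' "$stub_dir"
}

# Three ways a wrapper script might build the ssh command line.
# $1 = stub directory, $2 = destination (constructed sample value below).
# shellcheck disable=SC2086
call_split()   { "$1/ssh" $SSH_OPTS "$2" true; }    # unquoted: word-split
call_quoted()  { "$1/ssh" "$SSH_OPTS" "$2" true; }  # quoted: one argument
call_dropped() { "$1/ssh" "$2" true; }              # variable never used

# Reads the stub's output on stdin. Succeeds only when "-o" and its value
# arrive as two separate, adjacent argv entries.
option_delivered() {
    awk '
        prev == "[-o]" && $0 == "[StrictHostKeyChecking=accept-new]" { ok = 1 }
        { prev = $0 }
        END { exit !ok }'
}

# Run all three call styles against the stub and report what ssh would see.
demo() {
    dir=$(make_stub) || return 1
    for f in call_split call_quoted call_dropped; do
        if "$f" "$dir" username@localhost | option_delivered; then
            echo "$f: option reaches ssh as -o <value>"
        else
            echo "$f: option does NOT reach ssh as -o <value>"
        fi
    done
    rm -rf "$dir"
}
demo
```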