SSH_OPTS not working

[DO1JLR]

SSH_OPTS not working?
Hi there, I have added the following config to my getssl account config:

SSH_OPTS="-o StrictHostKeyChecking=accept-new"

Unfortunately, the option does not work and ssh still asks me for ssh key confirmation.

To reproduce.

1. Create getssl account config with options like:

SSH_OPTS="-o StrictHostKeyChecking=accept-new"
RELOAD_CMD="ssh:username@localhost:sudo /bin/systemctl reload nginx.service"
DOMAIN_CHAIN_LOCATION="ssh:username@localhost:/home/username/example.com.crt"

2. Make sure your .ssh/known_host doesn't contain an entry for localhost
3. install a certificate
4. You will be asked to confirm your SSH key fingerprint

Expected behavior
I expected not to be asked to confirm my SSH key fingerprint.

Operating system:

• OS: Debian GNU/Linux 12 (bookworm)
• Bash version GNU bash, version 5.2.15(1)-release (x86_64-pc-linux-gnu)
• getssl V2.49

Additional context
BTW, if I add a file ~/.ssh/config with StrictHostKeyChecking=accept-new as content it works as expected.

[timkimber]

Hi @DO1JLR

Thanks for raising this issue and especially for the easy to follow instructions to reproduce! I was going to suggest just using ssh-keygen -R localhost instead of StrictHostKeyChecking=accept-new, but I will instead check to see if there's an issue with how SSH_OPTS is passed to ssh