Contributor

@zhming0 zhming0 commented Jan 21, 2026

Description

Simplifies SSH host key verification by using OpenSSH's StrictHostKeyChecking=accept-new option instead of running ssh-keyscan before git operations.

  • Set GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=accept-new" when SSHKeyscan is enabled
  • Removed ssh-keyscan invocations and known_hosts file manipulation
  • Deleted ssh.go, knownhosts.go and their tests (~450 lines removed)

The new approach is important for reducing our reliance on the Git binary, making it slightly easier for my subsequent git abstraction PR.

  • Eliminates dependency on ssh-keyscan binary
  • Removes Windows-specific path hackery to find SSH tools bundled with Git
  • Simpler, fewer moving parts

One important note is this PR raises our minimum SSH version requirement to ~2017. You can vote yes or no 🙂 .

Context

part of PB-1068

Testing

  • Tests have run locally (with go test ./...). Buildkite employees may check this if the pipeline has run automatically.
  • Code is formatted (with go tool gofumpt -extra -w .)

Disclosures / Credits

LLM powered this time

@zhming0 zhming0 requested a review from a team January 21, 2026 05:20
@zhming0 zhming0 force-pushed the ming/pb-1068-refactor-1 branch from f35f648 to 364c5fa Compare January 22, 2026 02:29
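
An added example, not part of the PR or the agent's code: a simplified Go model of how OpenSSH treats a presented host key under `StrictHostKeyChecking=accept-new`, the option the description above adopts. Host names, keys and all identifiers are constructed; hashed entries, wildcards and non-default ports are assumed out of scope.

```go
package main

import (
	"fmt"
	"strings"
)

// Verdict is the outcome for one presented host key (names are hypothetical).
type Verdict string

const (
	Trusted  Verdict = "trusted"    // key matches a pinned entry
	Pinned   Verdict = "pinned-new" // unknown host: key recorded unverified (trust on first use)
	Rejected Verdict = "rejected"   // host pinned with a different key of this type
)

// checkAcceptNew models accept-new over known_hosts text and returns the
// verdict plus the (possibly extended) file content. Simplified: plain
// host names only; comment and @marker lines are skipped.
func checkAcceptNew(knownHosts, host, keyType, key string) (Verdict, string) {
	changed := false
	for _, line := range strings.Split(knownHosts, "\n") {
		f := strings.Fields(line)
		if len(f) < 3 || strings.HasPrefix(f[0], "#") || strings.HasPrefix(f[0], "@") {
			continue
		}
		named := false
		for _, h := range strings.Split(f[0], ",") {
			named = named || h == host
		}
		if !named || f[1] != keyType {
			continue
		}
		if f[2] == key {
			return Trusted, knownHosts
		}
		changed = true
	}
	if changed {
		return Rejected, knownHosts // connection refused; file left untouched
	}
	return Pinned, knownHosts + fmt.Sprintf("%s %s %s\n", host, keyType, key)
}

func main() {
	kh := "git.example.test ssh-ed25519 AAAAconstructedKey1\n" // constructed sample
	for _, k := range []string{"AAAAconstructedKey1", "AAAAconstructedKey2"} {
		v, _ := checkAcceptNew(kh, "git.example.test", "ssh-ed25519", k)
		fmt.Println(k, v)
	}
}
```

The `Pinned` branch is the one to watch: the first key seen for a host is stored without any out-of-band check, so pre-populating known_hosts with verified keys avoids relying on it.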