
ansible-sshknownhosts's Introduction

sshknownhosts

Installation

Copy sshknownhosts to $ANSIBLE_LIBRARY on the management host.

    install -m 444 sshknownhosts $ANSIBLE_LIBRARY/sshknownhosts

Usage

    sshknownhosts
            host= host1.domain.com
            dest= /path/to/ssh_known_hosts (default: /etc/ssh/ssh_known_hosts)
            enctype= rsa|dsa|ecdsa (default: rsa)
            keyscan= /path/to/ssh-keyscan (default: use ssh-keyscan in $PATH)
            port= portnumber (default: 22)
            state= present|absent (default: present)

Playbook

    - name: Add localhost to ssh_known_hosts file
      action: sshknownhosts host=localhost state=present port=2222

    - name: Add several hosts to ssh_known_hosts file
      action: sshknownhosts host={{ item }} state=present
      with_items:
        - host1.example.com
        - host2.example.com
        - host3.example.com

Security

If an ssh_known_hosts file is constructed using ssh-keyscan without verifying the keys, users will be vulnerable to man in the middle attacks. On the other hand, if the security model allows such a risk, ssh-keyscan can help in the detection of tampered keyfiles or man in the middle attacks which have begun after the ssh_known_hosts file was created.

(taken from the ssh-keyscan man page)
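One way to close the gap described above is to compare each scanned key against a fingerprint obtained out-of-band (for example, read from the server's console) before it is written to ssh_known_hosts. The Python below is an added example, not part of the sshknownhosts module; `verify_keyscan`, `sample_blob`, the `pinned` mapping and the key blobs are assumptions constructed for illustration.

```python
import base64
import hashlib


def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verify_keyscan(output, pinned):
    """Split ssh-keyscan output into (accepted, rejected) known_hosts lines.
    pinned maps (host, keytype) to a fingerprint obtained out-of-band."""
    accepted, rejected = [], []
    for line in output.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or ssh-keyscan banner comment
        if len(fields) != 3:
            rejected.append(line)  # not "host keytype key"
            continue
        host, keytype, key_b64 = fields
        try:
            ok = pinned.get((host, keytype)) == fingerprint(key_b64)
        except ValueError:  # key field is not valid base64
            ok = False
        (accepted if ok else rejected).append(line)
    return accepted, rejected


def sample_blob(keytype, body):
    # Constructed stand-in for a key blob; not a real public key.
    name = keytype.encode()
    return base64.b64encode(len(name).to_bytes(4, "big") + name + body).decode()


GOOD = sample_blob("ssh-rsa", b"constructed-key-material-A")
OTHER = sample_blob("ssh-rsa", b"constructed-key-material-B")
# Constructed ssh-keyscan output; a non-default port appears as [host]:port.
SCAN = "\n".join([
    "# host1.example.com:22 SSH-2.0-OpenSSH_constructed",
    "host1.example.com ssh-rsa " + GOOD,
    "host2.example.com ssh-rsa " + OTHER,   # scan returned an unexpected key
    "[localhost]:2222 ssh-rsa " + GOOD,     # no pinned fingerprint for this host
])
PINNED = {("host1.example.com", "ssh-rsa"): fingerprint(GOOD),
          ("host2.example.com", "ssh-rsa"): fingerprint(GOOD)}

if __name__ == "__main__":
    print(verify_keyscan(SCAN, PINNED))
```

Only the accepted lines should be appended to ssh_known_hosts; a rejected line means the key was either never pinned or does not match what was pinned.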

Possible Future Enhancements

  • aliases: adding aliases for hosts. They end up in the known hosts file like this: host1,alias1,alias2 sshkey
  • as an alternative to supplying a host or list of hosts, get the list of hosts from the existing ssh_known_hosts file and re-scan for updates.
  • key: supplying the host key from a string or file instead of looking it up with the ssh-keyscan program.
  • ssh information: use configuration items for ssh used by the ssh-keyscan program such as port number, or IPv4/IPv6 addresses.
  • allow multiple key types (rsa and dsa together, for example)

Feedback on these and other options would be appreciated.

Notes

  • A module I wrote for my own use that others might find useful, so I added some docs and put it up on GitHub.
  • This is my first Python program, so I appreciate some feedback (and my first public Ansible module)
  • Tested on Debian flavours (Mint 14 and up, Debian Sid and XUbuntu 12.10 and 13.04) and OpenBSD 5.2 and up.
  • Contact me at http://www.bfmartin.ca/contact/
