notmycloud.ssh_keyscan

SSH Keyscan
=========

This is a simple tool to notify you about unknown SSH fingerprints and allow the continuation of playbook processing.

By default, it will record these SSH host keys: RSA, DSA, ECDSA, and ED25519. If you want to support new formats, please open an issue.

Known hosts will be stored in a known_hosts.d directory, with a separate file for each host (named after the inventory_hostname). The usual places for known_hosts will still work as before.

NOTE: If a host key doesn't match what’s already saved, or if there’s no saved key, the process will pause until you confirm to continue. The verify_host_keys variable (see Role Variables) changes this behavior.
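The check described in the note above, sketched as an added example (not the role's own code; how the role performs the comparison is not shown on this page). It compares the keys from a scan with a host's saved file and reports which are new or changed. The function names and the sample host lines are constructed for illustration.

```python
import base64
import hashlib

# Key types matching the README's list (RSA, DSA, ECDSA, ED25519).
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def parse_keys(text):
    """Parse known_hosts / ssh-keyscan lines into {key_type: key_blob}."""
    keys = {}
    for line in text.splitlines():
        fields = line.split()
        # Skips blank lines, '#' banner comments and @marker lines.
        if len(fields) >= 3 and fields[1] in KEY_TYPES:
            keys[fields[1]] = base64.b64decode(fields[2], validate=True)
    return keys

def fingerprint(blob):
    """SHA256 fingerprint: unpadded base64 of the key blob's digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def compare(saved_text, scanned_text):
    """Map each scanned key type to (state, fingerprint)."""
    saved, scanned = parse_keys(saved_text), parse_keys(scanned_text)
    result = {}
    for ktype, blob in scanned.items():
        if ktype not in saved:
            state = "new"
        elif saved[ktype] == blob:
            state = "match"
        else:
            state = "mismatch"
        result[ktype] = (state, fingerprint(blob))
    return result

def needs_confirmation(result):
    # Assumption of this example: a scan with no usable keys is unverified too.
    return not result or any(s != "match" for s, _ in result.values())

def _line(ktype, blob):
    # Builds a "[host]:port keytype base64" line, the form used for non-default ports.
    return f"[host.example.com]:8022 {ktype} {base64.b64encode(blob).decode()}"

# Constructed sample data: placeholder blobs, not real host keys.
SAVED = "\n".join([_line("ssh-ed25519", b"constructed-ed25519"),
                   _line("ssh-rsa", b"constructed-rsa-old")])
SCANNED = "\n".join(["# host.example.com:8022 SSH-2.0-OpenSSH",
                     _line("ssh-ed25519", b"constructed-ed25519"),
                     _line("ssh-rsa", b"constructed-rsa-changed"),
                     _line("ecdsa-sha2-nistp256", b"constructed-ecdsa")])
```

With the sample data, `compare(SAVED, SCANNED)` reports the ED25519 key as a match, the RSA key as a mismatch and the ECDSA key as new, so `needs_confirmation` returns True.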

Requirements


You need the dig command installed on the Ansible host.

Role Variables


  • global_known_hosts: false # Change to true to add keys to the global known_hosts instead of the Ansible user's known_hosts.
  • ssh:
    • host: host.example.com # Specify the host to add to known_hosts.
    • port: 8022 # Specify the port to scan; defaults to 22.
  • verify_host_keys: true # Alerts you if the host key is new or does not match the saved key. Set to false to accept a new host key automatically.

Dependencies


None at this moment.

Example Playbook


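---
- name: Playbook Name
  hosts: MyHosts

  roles:
    - role: notmycloud.ssh_keyscan
      vars:
        global_known_hosts: true   # add keys to the global known_hosts
        ssh:
          host: github.com         # host to add to known_hosts
          port: 22                 # port to scan
        verify_host_keys: false    # accept a new host key automatically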

License


MIT License

© 2022 Not My Cloud devops@notmy.cloud

You can use this software freely, as long as the copyright notice and permission notice are included in all copies. The software is provided "as is", without any guarantees.

Author Information


Coming Soon!

Support


For support, please open an issue and include the following information. Do not contact us directly, as we will not respond.

  • Sample task/playbook that shows your issue.
  • Ansible version (ansible --version).
  • Ansible configuration (ansible-config dump --only-changed -t all). If you're using an older version, skip the -t all part.
  • Explanation of what is happening versus what you expected to happen.

Project information

A simple role to save remote host keys to known_hosts.

Install

ansible-galaxy install notmycloud.ssh_keyscan