t2d.ssh_known_hosts
sshknownhosts role
This is an Ansible role that handles the SSH known hosts file, typically found at /etc/ssh/ssh_known_hosts or in the user's home directory at ~user/.ssh/known_hosts.
This role packages the sshknownhosts module (https://github.com/bfmartin/ansible-sshknownhosts) so that it can be installed and used from Ansible Galaxy.
Requirements
It should work on any Unix-like system with OpenSSH installed, since the role shells out to ssh-keyscan on the managed host.
Security
If you create an ssh_known_hosts file using ssh-keyscan without checking the keys, it can make users vulnerable to man-in-the-middle attacks. However, if you accept this risk, ssh-keyscan can help identify changed key files or attacks that started after the ssh_known_hosts file was made.
(From the ssh-keyscan manual)
For hosts whose key you have verified out of band, supply it yourself with the fingerprint attribute (in the example playbook below this is the base64-encoded public key as it appears in known_hosts), so that the entry does not depend on an unverified scan.
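The check the manual is asking for, as an added example that is not part of this role or the sshknownhosts module: before committing ssh-keyscan output to ssh_known_hosts, parse each line, compute the SHA256 fingerprint that `ssh-keygen -lf` prints, and compare it with a fingerprint obtained from the host's owner over a trusted channel. The sample key, the scan output and the trusted fingerprints below are constructed for the example (the ssh-ed25519 key is not a real host key).

```python
"""Verify ssh-keyscan output against out-of-band fingerprints.

Added example for this README; it is not part of the t2d.ssh_known_hosts
role or the sshknownhosts module. It parses known_hosts lines, computes
the SHA256 fingerprint OpenSSH prints for `ssh-keygen -lf`, and compares
each host against a fingerprint obtained by a trusted channel, so that
scanned keys are checked before they are written to ssh_known_hosts.
"""
import base64
import hashlib
import struct


def parse_known_hosts_line(line):
    """Split one known_hosts line into (marker, hostnames, keytype, key_b64).

    Returns None for blank lines and comments. `marker` is '' or a leading
    marker such as '@cert-authority'; `hostnames` is the comma-separated
    host pattern list; anything after the key (a comment) is ignored.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    marker = ""
    if fields[0].startswith("@"):
        marker = fields.pop(0)
    if len(fields) < 3:
        raise ValueError("malformed known_hosts line: %r" % line)
    return marker, fields[0].split(","), fields[1], fields[2]


def sha256_fingerprint(key_b64):
    """Return (blob key type, 'SHA256:<fingerprint>') for a base64 key blob.

    OpenSSH fingerprints are the unpadded base64 of SHA-256 over the raw
    (decoded) key blob; the blob itself starts with a length-prefixed key
    type string, which is returned so callers can cross-check the text field.
    """
    raw = base64.b64decode(key_b64, validate=True)
    (tlen,) = struct.unpack(">I", raw[:4])
    blob_type = raw[4:4 + tlen].decode("ascii")
    digest = hashlib.sha256(raw).digest()
    return blob_type, "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def verify_entries(known_hosts_text, trusted):
    """Compare every host in `known_hosts_text` with `trusted` {host: fp}.

    Result per host: 'ok' (fingerprint matches), 'MISMATCH' (the scanned key
    differs from the trusted one: possible MITM or rotated key, do not
    install it), or 'unverified' (no out-of-band fingerprint, i.e. the TOFU
    risk the ssh-keyscan manual warns about).
    """
    results = {}
    for line in known_hosts_text.splitlines():
        parsed = parse_known_hosts_line(line)
        if parsed is None:
            continue
        _marker, hosts, keytype, key_b64 = parsed
        blob_type, fp = sha256_fingerprint(key_b64)
        if blob_type != keytype:
            raise ValueError("key type %s does not match blob (%s)" % (keytype, blob_type))
        for host in hosts:
            if host not in trusted:
                results[host] = "unverified"
            elif trusted[host] == fp:
                results[host] = "ok"
            else:
                results[host] = "MISMATCH"
    return results


def _ssh_string(data):
    """Encode bytes as an SSH wire 'string' (uint32 length prefix + data)."""
    return struct.pack(">I", len(data)) + data


# Constructed sample data (not a real host key): an ssh-ed25519 blob whose
# 32-byte public key is 0x00..0x1f, in the format ssh-keyscan would print.
SAMPLE_KEY_B64 = base64.b64encode(
    _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
).decode("ascii")

SAMPLE_KNOWN_HOSTS = f"""# constructed sample of ssh-keyscan -t ed25519 output
example.com,www.example.com ssh-ed25519 {SAMPLE_KEY_B64}
@cert-authority *.internal.example ssh-ed25519 {SAMPLE_KEY_B64}
"""

if __name__ == "__main__":
    # Pretend example.com's owner sent the first value over a trusted channel
    # and www.example.com's owner sent one that does not match the scan.
    trusted = {
        "example.com": sha256_fingerprint(SAMPLE_KEY_B64)[1],
        "www.example.com": "SHA256:" + "A" * 43,
    }
    for host, status in sorted(verify_entries(SAMPLE_KNOWN_HOSTS, trusted).items()):
        print(f"{host}: {status}")
```

Anything reported as MISMATCH or unverified should be excluded from the ssh_known_hosts list (or given an explicit fingerprint attribute once the key has been confirmed) rather than written to the file.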
Role Variables
This role includes the following variables, along with their default values:
ssh_known_hosts_path: The file to write to. The default is /etc/ssh/ssh_known_hosts; ~user/.ssh/known_hosts is a good alternative.
ssh_known_hosts_state: present (default) or absent.
ssh_known_hosts_enctype: The public key type to scan for: rsa, dsa, ecdsa or ed25519. The default is rsa.
ssh_known_hosts_port: The port to connect to on the remote host. The default is 22.
ssh_known_hosts_keyscan: The program used for scanning. The default is the ssh-keyscan found in the current PATH.
ssh_known_hosts: A list of dictionaries, one per host to scan, giving the host name and its attributes:

ssh_known_hosts:
  - name: example.com
    state: present
    dest: /etc/ssh/ssh_known_hosts
    enctype: rsa
    port: 22
    keyscan: ssh-keyscan
    aliases:
      - www.example.com
      - www2.example.com
Dependencies
None.
Example Playbook
Here’s an example playbook:
---
- hosts: all
  vars:
    ssh_known_hosts:
      - name: example.com
        state: present
        dest: /etc/ssh/ssh_known_hosts
        enctype: rsa
        port: 22
        keyscan: ssh-keyscan
        aliases:
          - www.example.com
          - www2.example.com
      - name: srv.example.com
        fingerprint: AAAAE2VjZHNhLXNoYTItbmlzdHAyN...
  roles:
    - role: sshknownhosts
License
BSD
Author Information
Byron F. Martin
Email: Contact
GitHub: bfmartin
Installation
Install the role from Ansible Galaxy with:

ansible-galaxy install t2d.ssh_known_hosts