Merge pull request #127 from 0xf10e/known_hosts_pillar
Add host keys from pillar to `ssh_known_hosts`
commit 11366b3c17

README.rst
@@ -64,8 +64,9 @@ distribution.
 ``openssh.known_hosts``
 -----------------------
 
-Manages the site-wide ssh_known_hosts file and fills it with the
-public SSH host keys of all minions. You can restrict the set of minions
+Manages the side-wide ssh_known_hosts file and fills it with the
+public SSH host keys of your minions (collected via the Salt mine)
+and of hosts listed in you pillar data. You can restrict the set of minions
 whose keys are listed by using the pillar data ``openssh:known_hosts:target``
 and ``openssh:known_hosts:tgt_type`` (those fields map directly to the
 corresponding attributes of the ``mine.get`` function).
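Review bot: the rewritten sentence on the `+` lines introduces two typos: `side-wide` should read `site-wide` (as on the removed line) and `in you pillar data` should read `in your pillar data`. Otherwise the wording change correctly reflects that keys now come from both the mine and pillar.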
@@ -102,6 +103,16 @@ IPv6 behind one of those DNS entries matches an IPv4 or IPv6 behind the
 official hostname of a minion, the alternate DNS name will be associated to the
 minion's public SSH host key.
 
+To add public keys of hosts not among your minions list them under the
+pillar key ``openssh:known_hosts:static``::
+
+openssh:
+known_hosts:
+static:
+github.com: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq[...]'
+gitlab.com: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABA[...]'
+
+
 ``openssh.moduli``
 -----------------------
 
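Review bot: the new README paragraph should state what a `static` value must be and how much it is trusted. The value is the host's complete public key line (key type followed by the base64 key, as found in that host's `ssh_host_*.pub` file) and it is written to the site-wide `ssh_known_hosts` exactly as given, so it should be checked against the fingerprint the host operator publishes before it is committed to pillar: a wrong or stale value breaks connections to that host, while a value planted by someone with write access to the pillar is trusted by every host that receives the file. The paragraph should also say whether a host can carry more than one key type, since the example allows a single string per hostname.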
@@ -66,6 +66,8 @@
 {#- Loop over targetted minions -#}
 {%- set host_keys = salt['mine.get'](target, keys_function, tgt_type=tgt_type) -%}
 {%- set host_names = salt['mine.get'](target, hostname_function, tgt_type=tgt_type) -%}
-{%- for host, keys in host_keys|dictsort -%}
+{%- do host_keys.update(salt['pillar.get']('openssh:known_hosts:static',
+{}).items()) -%}
+{%- for host, keys in host_keys| dictsort -%}
 {{ known_host_entry(host, host_names, keys) }}
 {%- endfor -%}
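Review bot: `host_keys| dictsort` on the last `+` line has a stray space after the pipe; keep `host_keys|dictsort` as on the removed line. Two behavioural points deserve a template comment or a README sentence: `dict.update()` means a pillar `static` entry whose name matches a minion's hostname silently replaces the key collected from the mine, so pillar wins; and `keys` for mine entries is whatever `keys_function` returns, while `static` values are single strings, so confirm that `known_host_entry` handles both shapes rather than, for example, iterating over the characters of the string.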
@@ -307,6 +307,10 @@ openssh:
 # tgt_type: 'glob'
 # To activate the defaults you can just set an empty dict.
 #hostnames: {}
+# Here you can list keys for hosts which are not among your minions:
+static:
+github.com: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]'
+gitlab.com: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]'
 
 # specify DH parameters (see /etc/ssh/moduli)
 moduli: |
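Review bot: the truncated `[...]` keys in pillar.example should be marked as placeholders in the comment (the real value is the host's full public key line), otherwise the example will be copied as-is and produce unusable known_hosts entries; a pointer to the README section on `openssh:known_hosts:static` would also help.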