aboutsummaryrefslogtreecommitdiff
path: root/manifests/defines/ssh_known_hosts.pp
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2013-04-12 17:09:03 -0300
committerSilvio Rhatto <rhatto@riseup.net>2013-04-12 17:09:03 -0300
commitfe1c86b8f938283e9dd8196a8b11a9648f4b49e6 (patch)
treec2d999eca03862a3e4af57e0885397adf6bbc6ec /manifests/defines/ssh_known_hosts.pp
parentec5c750d12bdc7948bb3c04f0c72817718a0bf47 (diff)
downloadpuppet-nodo-fe1c86b8f938283e9dd8196a8b11a9648f4b49e6.tar.gz
puppet-nodo-fe1c86b8f938283e9dd8196a8b11a9648f4b49e6.tar.bz2
Major refactor
Diffstat (limited to 'manifests/defines/ssh_known_hosts.pp')
-rw-r--r--manifests/defines/ssh_known_hosts.pp50
1 files changed, 50 insertions, 0 deletions
diff --git a/manifests/defines/ssh_known_hosts.pp b/manifests/defines/ssh_known_hosts.pp
new file mode 100644
index 0000000..50ae87e
--- /dev/null
+++ b/manifests/defines/ssh_known_hosts.pp
@@ -0,0 +1,50 @@
+# Manage known_hosts for a particular user
+define ssh_known_host($owner, $home = '/home/$owner', $ssh_localhost_auth = false) {
+ include nodo::subsystem::ssh_folder
+
+ file { "${home}/.ssh/known_hosts":
+ ensure => present,
+ owner => $owner,
+ group => $group,
+ mode => 0600,
+ require => File["${home}/.ssh"],
+ }
+
+ # You can choose to include the host's fingeprints
+ # directly into the known_hosts file.
+ if $::sshrsakey != '' {
+ line { 'known_hosts-localhost-rsa-${owner}':
+ file => "${home}/.ssh/known_hosts",
+ line => "localhost ssh-rsa ${::sshrsakey}",
+ ensure => $ssh_localhost_auth ? {
+ 'fingerprint' => present,
+ 'auto' => undef,
+ default => undef,
+ },
+ }
+ }
+
+ if $::sshdsakey != '' {
+ line { 'known_hosts-localhost-dsa-${owner}':
+ file => "${home}/.ssh/known_hosts",
+ line => "localhost ssh-dss ${::sshdsakey}",
+ ensure => $ssh_localhost_auth ? {
+ 'fingerprint' => present,
+ 'auto' => undef,
+ default => undef,
+ },
+ }
+ }
+
+ if $::sshecdsakey != '' {
+ line { 'known_hosts-localhost-ecdsa-${owner}':
+ file => "${home}/.ssh/known_hosts",
+ line => "localhost ecdsa-sha2-nistp256 ${::sshedsakey}",
+ ensure => $ssh_localhost_auth ? {
+ 'fingerprint' => present,
+ 'auto' => undef,
+ default => undef,
+ },
+ }
+ }
+}