1 files changed, 50 insertions, 0 deletions

diff --git a/manifests/defines/ssh_known_hosts.pp b/manifests/defines/ssh_known_hosts.pp
new file mode 100644
index 0000000..50ae87e
--- /dev/null
+++ b/manifests/defines/ssh_known_hosts.pp
@@ -0,0 +1,50 @@
+# Manage known_hosts for a particular user
+define ssh_known_host($owner, $home = '/home/$owner', $ssh_localhost_auth = false) {
+  include nodo::subsystem::ssh_folder
+
+  file { "${home}/.ssh/known_hosts":
+    ensure  => present,
+    owner   => $owner,
+    group   => $group,
+    mode    => 0600,
+    require => File["${home}/.ssh"],
+  }
+
+  # You can choose to include the host's fingeprints
+  # directly into the known_hosts file.
+  if $::sshrsakey != '' {
+    line { 'known_hosts-localhost-rsa-${owner}':
+      file   => "${home}/.ssh/known_hosts",
+      line   => "localhost ssh-rsa ${::sshrsakey}",
+      ensure => $ssh_localhost_auth ? {
+        'fingerprint' => present,
+        'auto'        => undef,
+        default       => undef,
+      },
+    }
+  }
+
+  if $::sshdsakey != '' {
+    line { 'known_hosts-localhost-dsa-${owner}':
+      file   => "${home}/.ssh/known_hosts",
+      line   => "localhost ssh-dss ${::sshdsakey}",
+      ensure => $ssh_localhost_auth ? {
+        'fingerprint' => present,
+        'auto'        => undef,
+        default       => undef,
+      },
+    }
+  }
+
+  if $::sshecdsakey != '' {
+    line { 'known_hosts-localhost-ecdsa-${owner}':
+      file   => "${home}/.ssh/known_hosts",
+      line   => "localhost ecdsa-sha2-nistp256 ${::sshedsakey}",
+      ensure => $ssh_localhost_auth ? {
+        'fingerprint' => present,
+        'auto'        => undef,
+        default       => undef,
+      },
+    }
+  }
+}