1 files changed, 58 insertions, 0 deletions

diff --git a/manifests/subsystem/ssh/known_hosts.pp b/manifests/subsystem/ssh/known_hosts.pp
new file mode 100644
index 0000000..c20b973
--- /dev/null
+++ b/manifests/subsystem/ssh/known_hosts.pp
@@ -0,0 +1,58 @@
+# Manage known_hosts for a particular user
+define nodo::subsystem::ssh::known_host(
+  $owner,
+  $home               = '/home/$owner',
+  $ssh_localhost_auth = false
+) {
+  nodo::subsystem::ssh::folder { "ssh_known_host-${name}":
+    home  => $home,
+    owner => $owner,
+    group => $group,
+  }
+
+  file { "${home}/.ssh/known_hosts":
+    ensure  => present,
+    owner   => $owner,
+    group   => $group,
+    mode    => 0600,
+    require => File["${home}/.ssh"],
+  }
+
+  # You can choose to include the host's fingeprints
+  # directly into the known_hosts file.
+  if $::sshrsakey != '' {
+    line { 'known_hosts-localhost-rsa-${owner}':
+      file   => "${home}/.ssh/known_hosts",
+      line   => "localhost ssh-rsa ${::sshrsakey}",
+      ensure => $ssh_localhost_auth ? {
+        'fingerprint' => present,
+        'auto'        => undef,
+        default       => undef,
+      },
+    }
+  }
+
+  if $::sshdsakey != '' {
+    line { 'known_hosts-localhost-dsa-${owner}':
+      file   => "${home}/.ssh/known_hosts",
+      line   => "localhost ssh-dss ${::sshdsakey}",
+      ensure => $ssh_localhost_auth ? {
+        'fingerprint' => present,
+        'auto'        => undef,
+        default       => undef,
+      },
+    }
+  }
+
+  if $::sshecdsakey != '' {
+    line { 'known_hosts-localhost-ecdsa-${owner}':
+      file   => "${home}/.ssh/known_hosts",
+      line   => "localhost ecdsa-sha2-nistp256 ${::sshedsakey}",
+      ensure => $ssh_localhost_auth ? {
+        'fingerprint' => present,
+        'auto'        => undef,
+        default       => undef,
+      },
+    }
+  }
+}