From: Tom Hughes Date: Thu, 1 Aug 2013 13:30:53 +0000 (+0100) Subject: Include ECDSA keys in ssh_known_hosts X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/81a4cb2bb67d0ee701260ca9f8c9441a686bf308?ds=sidebyside Include ECDSA keys in ssh_known_hosts --- diff --git a/cookbooks/openssh/recipes/default.rb b/cookbooks/openssh/recipes/default.rb index ceb9a6792..79a2dd1fb 100644 --- a/cookbooks/openssh/recipes/default.rb +++ b/cookbooks/openssh/recipes/default.rb @@ -42,11 +42,19 @@ end.collect do |node| names |= [ "#{node[:hostname]}.#{node[:networking][:roles][:external][:zone]}.openstreetmap.org" ] end + keys = { + "rsa" => node[:keys][:ssh][:host_rsa_public], + "dsa" => node[:keys][:ssh][:host_dsa_public] + } + + if node[:keys][:ssh][:host_ecdsa_public] + keys[node[:keys][:ssh][:host_ecdsa_type]] = node[:keys][:ssh][:host_ecdsa_public] + end + Hash[ :names => names.sort, :addresses => node.ipaddresses.sort, - :rsa => node[:keys][:ssh][:host_rsa_public], - :dsa => node[:keys][:ssh][:host_dsa_public] + :keys => keys ] end diff --git a/cookbooks/openssh/templates/default/ssh_known_hosts.erb b/cookbooks/openssh/templates/default/ssh_known_hosts.erb index d3e92cc43..e71e9bb56 100644 --- a/cookbooks/openssh/templates/default/ssh_known_hosts.erb +++ b/cookbooks/openssh/templates/default/ssh_known_hosts.erb 
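Review bot: The `"rsa"` and `"dsa"` hash keys added in the recipe hunk end up as the key-type field of the generated known_hosts lines, because the template hunk in ssh_known_hosts.erb now prints the hash key where it used to print the literals `ssh-rsa` and `ssh-dsa`. OpenSSH expects that field to be the algorithm name (`ssh-rsa`, `ssh-dss`, `ecdsa-sha2-nistp256`, …), so the RSA and DSA lines would most likely no longer be recognised and those hosts would lose their pinned keys. I would key the hash by algorithm name instead: `"ssh-rsa" => node[:keys][:ssh][:host_rsa_public],` and `"ssh-dss" => node[:keys][:ssh][:host_dsa_public]`. The ECDSA branch tests only `host_ecdsa_public`; testing `host_ecdsa_type` as well would avoid a nil hash key, which the template's `keys.sort` could not order against strings. The enclosing `collect` block starts outside the hunk.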
@@ -1,8 +1,9 @@ # DO NOT EDIT - This file is being maintained by Chef <% @hosts.each do |host| -%> -<%= host[:names].join(",") -%>,<%= host[:addresses].join(",") -%> ssh-rsa <%= host[:rsa] %> -<%= host[:names].join(",") -%>,<%= host[:addresses].join(",") -%> ssh-dsa <%= host[:dsa] %> +<% host[:keys].keys.sort.each do |type| -%> +<%= host[:names].join(",") -%>,<%= host[:addresses].join(",") -%> <%= type %> <%= host[:keys][type] %> +<% end -%> <% end -%> apc1,apc1.ucl.openstreetmap.org,10.0.0.49 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAYQDYDLYD52vwCagyebWxujdLw5/jnJ4Nln8g+pXFylT6OJU2R6t+U7mndZUKj1ClCt4AkS77/lEncs8Ie9YM3zzZlN0zsMEmhXzT62wO+0WJkr+hGSlTkMp1iL+dqC9Bk+U= apc2,apc2.ucl.openstreetmap.org,10.0.0.50 ssh-rsa AAAAB3NzaC1yc2EAAAACAQEAAAEBANYmUWIbP1bVQEcyeIoKZOvW/cyzmWytUA0u/057WGCMB70UKJrgmhRoArtxm3O4sFYS5b5xzhpcJ6YyYPjs3GMa67lkUBv/mOZEOIM20VeP7biRQf5DLrrSF5cS4A3p+ft7TyFPAuIgywxHQwpnRi7ZtBIPNj6MbRukUYivWrBVQML23O2hfWbwyLWQCTpedycgb1OFYbKC86r73PwW6ZP3Kzv0CDinDL2heEBT/hdeUkeXJCbop6tU3A4bA/obMTmKxsVoT2vEhto3v/bXFAFDQyYidBrOo+CBa3Nbbl+0wAZLBbrjkbQC7gz6TtU70ceLHo/cl8zmIQlHKa8c/Ec=
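Review bot: The inner loop writes a line for every entry in `host[:keys]` without checking the value, and the recipe adds the RSA and DSA entries unconditionally, so a node that has not published one of those keys would get a line with a key type but no key material. A guard at the top of the inner loop, such as `<% next if host[:keys][type].to_s.empty? -%>`, would skip those entries. The `type` field is also no longer a literal in the template but comes from node data (`host_ecdsa_type`), so it is worth checking it against the set of expected OpenSSH key-type names in the recipe before it is written to a system-wide trust file. A short comment above the loop saying that `type` must be an OpenSSH key-type name would make that contract visible to the next editor.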