NAME¶
update-openssh-knwon-hosts - download, filter and merge known_hosts for OpenSSH
SYNOPSIS¶
update-openssh-known-hosts [
-f]
DESCRIPTION¶
update-openssh-known-hosts manages downloading, filtering and mergeing of
ssh_known_hosts files from anywhere into one local file for use by
ssh(1).
OPTIONS¶
- -f
- treat every non-zero exit from download plugin as an error, see
EXIT_IGNORE below.
RETURN VALUES¶
Returns zero on success and anything else on error.
ENVIRONMENT¶
- CONFDIR
- Configuration directory, defaults to /etc/openssh-known-hosts. Currently
there is only a sources subdirectory in it.
- PLUGIN_PATH
- Plugin search path, defaults to
/usr/local/share/openssh-known-hosts/plugins:/usr/share/openssh-known-hosts/plugins.
- CACHEDIR
- Cache directory, defaults to /var/cache/openssh-known-hosts.
- LOCK
- Lockfile path, defaults to /var/lock/openssh-known-hosts.
- OUTFILE
- Output file name, defaults to
/var/lib/openssh-known-hosts/ssh_known_hosts
SOURCE DEFINITIONS¶
A source definition is shell snippet dropped into CONFDIR/sources/ with a
run-parts(8) compliant name. There are two variables not specific to a
download plugin:
- PLUGIN
- name of the download plugin to use, searched for in PLUGIN_PATH.
- EXIT_IGNORE
- optional space-seperated list of exitcodes which should be ignored. Upon
such exit code the previously downloaded version is used.
DOWNLOAD PLUGINS¶
Download plugins are executables dropped into PLUGIN_PATH and referenced via the
PLUGIN variable in the source definition. A plugin gets the variables set in
the source definition in its environment. The working directory will be set to
the source's cache directory. Everything a plugin has to do is to create a
file named "new". "current" must not be touched but can be
used as a hint to skip downloading the same file again. stdout and stderr will
be connected to "log", which will be output on error. Plugins
needn't create "new" if it would be identical to
"current".
HOSTNAME FILTERS¶
Place a file foo.filter next to your source definition foo. Each line shall
contain a rule consisting of an action, a space and a pattern. The first rule
with a matching pattern decides: If the action starts with a, o, p or y (for
accept, admit, allow, ok, pass, permit, print, yes, ...) the hostname will be
used, otherwise it is discarded. If a key has no hostnames left it is
discarded as a whole.
SEE ALSO¶
ssh(1),
sshd(8),
ssh_config(5),
curl(1),
rsync(1),
psql(1),
run-parts(8)
AUTHORS¶
Timo Weingärtner <timo@tiwe.de>.