{"id":13781584,"url":"https://github.com/chef-cookbooks/ssh_known_hosts","last_synced_at":"2025-05-11T15:31:55.091Z","repository":{"id":2725779,"uuid":"3720695","full_name":"chef-cookbooks/ssh_known_hosts","owner":"chef-cookbooks","description":"Development repository for Chef Cookbook ssh_known_hosts","archived":false,"fork":false,"pushed_at":"2021-10-06T15:19:10.000Z","size":256,"stargazers_count":72,"open_issues_count":2,"forks_count":76,"subscribers_count":31,"default_branch":"main","last_synced_at":"2024-11-17T16:43:03.915Z","etag":null,"topics":["chef","cookbook","hacktoberfest"],"latest_commit_sha":null,"homepage":"https://supermarket.chef.io/cookbooks/ssh_known_hosts","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chef-cookbooks.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null}},"created_at":"2012-03-14T18:21:25.000Z","updated_at":"2024-01-09T05:04:23.000Z","dependencies_parsed_at":"2022-09-10T20:41:47.018Z","dependency_job_id":null,"html_url":"https://github.com/chef-cookbooks/ssh_known_hosts","commit_stats":null,"previous_names":[],"tags_count":28,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chef-cookbooks%2Fssh_known_hosts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chef-cookbooks%2Fssh_known_hosts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chef-cookbooks%2Fssh_known_hosts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chef-cookbooks%2Fssh_known_hosts/manifests","owner_url
":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chef-cookbooks","download_url":"https://codeload.github.com/chef-cookbooks/ssh_known_hosts/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253588566,"owners_count":21932278,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chef","cookbook","hacktoberfest"],"created_at":"2024-08-03T18:01:27.347Z","updated_at":"2025-05-11T15:31:54.793Z","avatar_url":"https://github.com/chef-cookbooks.png","language":"Ruby","funding_links":[],"categories":["Resources"],"sub_categories":["Security"],"readme":"# ssh_known_hosts Cookbook\n\n[![Build Status](https://travis-ci.org/chef-cookbooks/ssh_known_hosts.svg?branch=master)](http://travis-ci.org/chef-cookbooks/ssh_known_hosts) [![Cookbook Version](https://img.shields.io/cookbook/v/ssh_known_hosts.svg)](https://supermarket.chef.io/cookbooks/ssh_known_hosts)\n\n- The default recipe builds `/etc/ssh/ssh_known_hosts` based either on search indexes using `rsa,dsa` key types and ohai data **or**, when `['ssh_known_hosts']['use_data_bag_cache']` is `true`, on the contents of a data bag that is maintained by the `cacher` recipe running on a worker node.\n- The cacher recipe builds and maintains a data bag based on search indexes using `rsa,dsa` key types and ohai data.\n\nYou can also optionally put other host keys in a data bag called \"`ssh_known_hosts`\". 
See below for details.\n\nWARNING: The `ssh_known_hosts_entry` resource is now built into Chef 14.4+ and no longer ships in this cookbook.\n\n## Requirements\n\n### Platforms\n\n- Any operating system that supports `/etc/ssh/ssh_known_hosts`.\n\n### Chef\n\n- 14.4+\n\n## Recipes\n\n### Cacher\n\nUse the `cacher` recipe on a single \"worker\" node somewhere in your cluster to maintain a data bag (`server_data/known_hosts` by default) containing all of your nodes' host keys. The advantage of this approach is that it is much faster than running a search of all nodes, and it substantially lightens the load on locally hosted Chef servers. The drawback is that the data is slightly delayed (because the cacher worker must converge first).\n\nTo use the cacher, simply include the `ssh_known_hosts::cacher` recipe in a wrapper cookbook or run list on a designated worker node.\n\n### Default Recipe\n\nSearches the Chef Server for all hosts that have SSH host keys using `rsa,dsa` key types and generates an `/etc/ssh/ssh_known_hosts`.\n\n#### Adding custom host keys\n\nThere are two ways to add custom host keys. 
You can either use the resource (see above) or create a data bag called \"`ssh_known_hosts`\" and add an item for each host:\n\n```javascript\n{\n  \"id\": \"github\",\n  \"fqdn\": \"github.com\",\n  \"rsa\": \"github-rsa-host-key\"\n}\n```\n\nThere are additional optional values you may use in the data bag:\n\nAttribute | Description                                         | Example\n--------- | --------------------------------------------------- | -----------------\nid        | a unique id for this data bag entry                 | github\nfqdn      | the fqdn of the host                                | github.com\nrsa       | the rsa key for this server                         | ssh-rsa AAAAB3...\nipaddress | the ipaddress of the node (if fqdn is not supplied) | 1.1.1.1\nhostname  | local hostname of the server (if not a fqdn)        | myserver.local\ndsa       | the dsa key for this server                         | ssh-dsa ABAAC3...\n\n## Attributes\n\nThe following attributes are set on a per-platform basis; see `attributes/default.rb`.\n\n- `node['ssh_known_hosts']['file']` - Sets up the location of the ssh_known_hosts file for the system. Defaults to '/etc/ssh/ssh_known_hosts'\n- `node['ssh_known_hosts']['key_type']` - Determines which key type ssh-keyscan will use to determine the host key. Different systems will have different available key types; check your manpage for available key types for ssh-keyscan. 
Defaults to 'rsa,dsa'\n- `node['ssh_known_hosts']['use_data_bag_cache']` - Use the data bag maintained by the cacher server to build `/etc/ssh/ssh_known_hosts` instead of a direct search (requires that a node be set up to run the cacher recipe regularly).\n- `node['ssh_known_hosts']['cacher']['data_bag']`/`node['ssh_known_hosts']['cacher']['data_bag_item']` - Data bag where cacher recipe should store its keys.\n- `node['ssh_known_hosts']['node_search_query']` - Additional query string to apply to the search\n\n## License \u0026 Authors\n\n**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io))\n\n**Copyright:** 2008-2019, Chef Software, Inc.\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchef-cookbooks%2Fssh_known_hosts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchef-cookbooks%2Fssh_known_hosts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchef-cookbooks%2Fssh_known_hosts/lists"}