path: root/update-openssh-known-hosts.8
blob: f3fe641fed2c9c5460ca7f31fe61af3ad15091d0 (plain)
.TH "UPDATE\-OPENSSH\-KNOWN\-HOSTS" "8" "2014\-02\-03" "" ""
.SH NAME
.PP
update\-openssh\-known\-hosts \- download, filter and merge known_hosts
for OpenSSH
.SH SYNOPSIS
.PP
\f[I]update\-openssh\-known\-hosts\f[] [\f[I]\-f\f[]]
.SH DESCRIPTION
.PP
update\-openssh\-known\-hosts manages downloading, filtering and
merging of ssh_known_hosts files from anywhere into one local file for
use by ssh(1).
.SH OPTIONS
.TP
.B \-f
treat every non\-zero exit from a download plugin as an error, see
EXIT_IGNORE below.
.RS
.RE
.SH RETURN VALUES
.PP
Returns zero on success and anything else on error.
.SH ENVIRONMENT
.TP
.B CONFDIR
Configuration directory, defaults to /etc/openssh\-known\-hosts.
Currently there is only a sources subdirectory in it.
.RS
.RE
.TP
.B PLUGIN_PATH
Plugin search path, defaults to
/usr/local/share/openssh\-known\-hosts/plugins:/usr/share/openssh\-known\-hosts/plugins.
.RS
.RE
.TP
.B CACHEDIR
Cache directory, defaults to /var/cache/openssh\-known\-hosts.
.RS
.RE
.TP
.B LOCK
Lockfile path, defaults to /var/lock/openssh\-known\-hosts.
.RS
.RE
.TP
.B OUTFILE
Output file name, defaults to
/var/lib/openssh\-known\-hosts/ssh_known_hosts.
.RS
.RE
.SH SOURCE DEFINITIONS
.PP
A source definition is a shell snippet dropped into CONFDIR/sources/ with
a run\-parts(8) compliant name.
There are two variables that are not specific to a download plugin:
.TP
.B PLUGIN
name of the download plugin to use, searched for in PLUGIN_PATH.
.RS
.RE
.TP
.B EXIT_IGNORE
optional space\-separated list of exit codes which should be ignored.
Upon such an exit code the previously downloaded version is used.
.RS
.RE
.SH DOWNLOAD PLUGINS
.PP
Download plugins are executables dropped into PLUGIN_PATH and referenced
via the PLUGIN variable in the source definition.
A plugin gets the variables set in the source definition in its
environment.
The working directory will be set to the source\[aq]s cache directory.
All a plugin has to do is create a file named "new".
"current" must not be touched but can be used as a hint to skip
downloading the same file again.
stdout and stderr will be connected to "log", which will be output on
error.
Plugins needn\[aq]t create "new" if it would be identical to "current".
.SH HOSTNAME FILTERS
.PP
Place a file foo.filter next to your source definition foo.
Each line shall contain a rule consisting of an action, a space and a
pattern.
The first rule with a matching pattern decides: If the action starts
with a, o, p or y (for accept, admit, allow, ok, pass, permit, print,
yes, ...) the hostname will be used, otherwise it is discarded.
If a key has no hostnames left it is discarded as a whole.
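The rule evaluation described above, as an added shell example that is not taken from update-openssh-known-hosts itself. It assumes that patterns are shell globs and that a hostname matching no rule is discarded; neither is stated on this page, and the function names and sample data are made up for the illustration.

```shell
# Added illustration, not the project's code. Assumptions: patterns are shell
# globs, and a hostname that matches no rule is discarded.

# decide RULES_FILE HOSTNAME: succeed if the first matching rule accepts.
decide() {
    while IFS=' ' read -r action pattern; do
        [ -n "$action" ] || continue
        case "$2" in
            $pattern)
                case "$action" in
                    [aopy]*) return 0 ;;   # accept, ok, pass, yes, ...
                    *)       return 1 ;;   # any other action discards
                esac ;;
        esac
    done < "$1"
    return 1    # assumption: no rule matched
}

# filter_line RULES_FILE LINE: print LINE reduced to its accepted hostnames,
# or nothing when none is left (the key is dropped as a whole).
filter_line() {
    hosts=${2%% *} key=${2#* } kept=
    old_ifs=$IFS; IFS=,; set -f    # split on commas, keep wildcards literal
    for h in $hosts; do
        if decide "$1" "$h"; then kept=${kept:+$kept,}$h; fi
    done
    IFS=$old_ifs; set +f
    [ -z "$kept" ] || echo "$kept $key"
}

# Constructed sample: rules and known_hosts lines are made up for this example.
rules=$(mktemp)
cat > "$rules" <<EOF
deny *.test.example.org
accept *.example.org
deny *
EOF
filter_line "$rules" "web.example.org,ci.test.example.org,10.0.0.5 ssh-ed25519 AAAAC3constructed"
filter_line "$rules" "10.0.0.9 ssh-ed25519 AAAAC3constructed"
rm -f "$rules"
```

Rule order matters: placing the broad accept rule before the narrower deny rule would let ci.test.example.org through, so a filter meant to limit which names end up trusted should list its exceptions first and end with a catch\-all.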
.SH SEE ALSO
.PP
ssh(1), sshd(8), ssh_config(5), curl(1), rsync(1), psql(1),
run\-parts(8)
.SH AUTHORS
Timo Weingärtner <timo@tiwe.de>.