5 years agoCreate containing error iff it is ~/.ssh master
Matthew Vernon [Wed, 1 Apr 2015 16:06:10 +0000 (17:06 +0100)]
Create containing error iff it is ~/.ssh

5 years agoCorrect tyop
Matthew Vernon [Tue, 31 Mar 2015 16:05:58 +0000 (17:05 +0100)]
Correct tyop

5 years agoDeal with ssh-keygen >6.4 behaviour change
Matthew Vernon [Tue, 31 Mar 2015 15:26:12 +0000 (16:26 +0100)]
Deal with ssh-keygen >6.4 behaviour change

Prior to this commit:

ssh-keygen -F returned 0 (and no output) when no host was found. After
the above commit (which I believe first appeared in release version
6.4), it instead returned 1 and no output. This revised code behaves
correctly with either behaviour. There is currently no other code path
that results in exit(1) and no output.

5 years agoChanges from Brian Coca's review of this module
Matthew Vernon [Fri, 6 Mar 2015 18:18:08 +0000 (18:18 +0000)]
Changes from Brian Coca's review of this module

* change #! line
* rename "host" to "name" [keep as alias]
* make documentation clearer
* imports 1 per line
* use get_bin_path to find ssh-keygen
* key not actually required when removing host

5 years agoMake supplying a key when removing a host optional.
Matthew Vernon [Mon, 2 Mar 2015 16:45:13 +0000 (16:45 +0000)]
Make supplying a key when removing a host optional.

5 years agocorrect check_mode check
Matthew Vernon [Mon, 23 Feb 2015 17:46:32 +0000 (17:46 +0000)]
correct check_mode check

We need the parentheses so the logic performed actually matches that
which is intended (see comment above the modified code).

5 years agoimprove documentation
Matthew Vernon [Fri, 9 Jan 2015 16:18:46 +0000 (16:18 +0000)]
improve documentation

5 years agoEmulate ssh-keygen behaviour when returning a key with >1 hostnames
Matthew Vernon [Fri, 9 Jan 2015 16:17:33 +0000 (16:17 +0000)]
Emulate ssh-keygen behaviour when returning a key with >1 hostnames

ssh-keygen -F returns an entry with only 1 hostname, even if the
known_hosts file contains >1 hostname. This results in false negatives
if the supplied key has >1 hostname in.

To address this, make a single-hostname variant of a multi-hostname
unhashed key.

5 years agohandle an empty line in ssh-keygen return
Matthew Vernon [Fri, 9 Jan 2015 15:59:30 +0000 (15:59 +0000)]
handle an empty line in ssh-keygen return

5 years agonote in docs re requirement for a host to match (i.e. you shouldn't
Matthew Vernon [Fri, 9 Jan 2015 12:29:57 +0000 (12:29 +0000)]
note in docs re requirement for a host to match (i.e. you shouldn't
specify all the keys)

5 years agoAlways use ssh-keygen to check the supplied key
Matthew Vernon [Fri, 9 Jan 2015 12:17:09 +0000 (12:17 +0000)]
Always use ssh-keygen to check the supplied key

Previously, we did the check on un-hashed keys by hand; this was
problematic because a key with more than one host entry
(e.g. foo,foo.com.invalid ssh-rsa...) would never match, so kept
getting added.

Thanks to Jon Warbrick (jw35@cam.ac.uk) for the bug report.

6 years agoUpdate documentation to note that template will be quicker for lots of
Matthew Vernon [Tue, 5 Aug 2014 12:09:30 +0000 (13:09 +0100)]
Update documentation to note that template will be quicker for lots of

6 years agohandle the case where the known_hosts file doesn't exist
Matthew Vernon [Fri, 27 Jun 2014 13:41:37 +0000 (14:41 +0100)]
handle the case where the known_hosts file doesn't exist

6 years agoAdd trailing newline to key data if missing
Matthew Vernon [Fri, 27 Jun 2014 13:35:44 +0000 (14:35 +0100)]
Add trailing newline to key data if missing

Ansible strips the trailing newline from files when passing them as
command arguments; this is unhelpful with ssh public keys. So, add
it back again if needed.

6 years agoAdd version_added, and correct a YAML error
Matthew Vernon [Tue, 17 Jun 2014 12:27:44 +0000 (13:27 +0100)]
Add version_added, and correct a YAML error

6 years agoUpdate documentation a little
Matthew Vernon [Tue, 17 Jun 2014 11:37:33 +0000 (12:37 +0100)]
Update documentation a little

6 years agoAdd copyright note
Matthew Vernon [Tue, 17 Jun 2014 11:23:36 +0000 (12:23 +0100)]
Add copyright note

6 years agoCheck input key matches host; check for matching key in extant file
Matthew Vernon [Tue, 17 Jun 2014 10:56:04 +0000 (11:56 +0100)]
Check input key matches host; check for matching key in extant file

Two big changes in this commit:

i) check (using ssh-keygen for hashed keys) that the host and key
supplied by the user match.
ii) check if the known_hosts file already contains the supplied key

6 years agoUse NamedTemporaryFile
Matthew Vernon [Mon, 16 Jun 2014 16:59:38 +0000 (17:59 +0100)]
Use NamedTemporaryFile

We need the named version so that we can rename it on top of the old
known_hosts file; for the same reason we need to disable the default
delete-on-close behaviour.

6 years agoInitial version
Matthew Vernon [Mon, 16 Jun 2014 09:28:54 +0000 (10:28 +0100)]
Initial version