turn off StrictHostKeyChecking for vagrant ssh clients

2 files changed, 27 insertions, 2 deletions

diff --git a/puppet/modules/site_sshd/templates/ssh_config.erb b/puppet/modules/site_sshd/templates/ssh_config.erb
new file mode 100644
index 00000000..7e967413
--- /dev/null
+++ b/puppet/modules/site_sshd/templates/ssh_config.erb
@@ -0,0 +1,23 @@
+# This file is generated by Puppet
+# This is the ssh client system-wide configuration file.  See
+# ssh_config(5) for more information.  This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+
+Host *
+    SendEnv LANG LC_*
+    HashKnownHosts yes
+    GSSAPIAuthentication yes
+    GSSAPIDelegateCredentials no
+<% if scope.lookupvar('::site_config::params::environment') == 'local' -%>
+    #
+    # Vagrant nodes should have strict host key checking
+    # turned off. The problem is that the host key for a vagrant
+    # node is specific to the particular instance of the vagrant
+    # node you have running locally. For this reason, we can't
+    # track the host keys, or your host key for vpn1 would conflict
+    # with my host key for vpn1.
+    #
+    StrictHostKeyChecking no
+<% end -%>
+
diff --git a/puppet/modules/site_sshd/templates/ssh_known_hosts.erb b/puppet/modules/site_sshd/templates/ssh_known_hosts.erb
index c5a71378..002ab732 100644
--- a/puppet/modules/site_sshd/templates/ssh_known_hosts.erb
+++ b/puppet/modules/site_sshd/templates/ssh_known_hosts.erb
@@ -1,5 +1,7 @@
 # This file is generated by Puppet
 
-<% hosts.sort.each do |name, hash| -%>
-<%=name%>,<%=hash['domain_full']%>,<%=hash['domain_internal']%>,<%=hash['ip_address']%> <%=hash['host_pub_key']%>
+<% @hosts.sort.each do |name, hash| -%>
+<%   if hash['host_pub_key'] -%>
+<%=    name%>,<%=hash['domain_full']%>,<%=hash['domain_internal']%>,<%=hash['ip_address']%> <%=hash['host_pub_key']%>
+<%   end -%>
 <% end -%>