From 83267a00f272a6f3f52a66eca44d9ca85924cc8e Mon Sep 17 00:00:00 2001
From: elijah
Date: Tue, 25 Nov 2014 16:25:43 -0800
Subject: include a host information in ssh_config for ever possible host a given node might communicate with. this includes port and host key algorithm. closes #6432
---
 provider_base/lib/macros/hosts.rb | 7 ++++++-
 puppet/modules/site_sshd/templates/ssh_config.erb | 17 +++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/provider_base/lib/macros/hosts.rb b/provider_base/lib/macros/hosts.rb
index 8a4058a5..8281329f 100644
--- a/provider_base/lib/macros/hosts.rb
+++ b/provider_base/lib/macros/hosts.rb
@@ -42,7 +42,12 @@ module LeapCli
 hosts = {}
 my_location = @node['location'] ? @node['location']['name'] : nil
 nodes.each_node do |node|
- hosts[node.name] = {'ip_address' => node.ip_address, 'domain_internal' => node.domain.internal, 'domain_full' => node.domain.full}
+ hosts[node.name] = {
+ 'ip_address' => node.ip_address,
+ 'domain_internal' => node.domain.internal,
+ 'domain_full' => node.domain.full,
+ 'port' => node.ssh.port
+ }
 node_location = node['location'] ? node['location']['name'] : nil
 if my_location == node_location
 if facts = @node.manager.facts[node.name]
diff --git a/puppet/modules/site_sshd/templates/ssh_config.erb b/puppet/modules/site_sshd/templates/ssh_config.erb
index 7e967413..36c0b6d5 100644
--- a/puppet/modules/site_sshd/templates/ssh_config.erb
+++ b/puppet/modules/site_sshd/templates/ssh_config.erb
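Review bot: In `hosts.rb`, `node.ssh.port` is read for every node in the list, so a node whose config lacks an `ssh` section would presumably raise here and abort the whole hosts hash; the hunk does not show whether a default guarantees the section exists. Because the value is later written into the ssh_config template changed in this commit, I would normalise it where it is collected, e.g. `'port' => (node.ssh && node.ssh.port ? Integer(node.ssh.port) : nil)`, so a non-numeric value fails during compilation rather than on the deployed node. A short comment such as `# 'port' is consumed by site_sshd/templates/ssh_config.erb` would also help, since the hash previously carried only address data. The enclosing method starts and ends outside the hunk.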
@@ -21,3 +21,20 @@ Host * StrictHostKeyChecking no <% end -%> +# +# Tell SSH what host key algorithm we should use. I don't understand why this +# is needed, since the man page says that "if hostkeys are known for the +# destination host then [HostKeyAlgorithms default] is modified to prefer +# their algorithms." +# + +<% @hosts.sort.each do |name, host| -%> +Host <%= name %> <%= host['domain_full'] %> <%= host['domain_internal'] %> <%= host['ip_address'] %> +<% if host['host_pub_key'] -%> +HostKeyAlgorithms <%= host['host_pub_key'].split(" ").first %> +<% end -%> +<% if host['port'] -%> +Port <%= host['port'] %> +<% end -%> + +<% end -%> -- cgit v1.2.3
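Review bot: The `HostKeyAlgorithms` line writes the first whitespace-separated token of `host['host_pub_key']` into the client config without checking that it is a key type. If a stored key ever begins with an option field, a hostname or other unexpected text, ssh will likely reject the config and outbound connections from the node fail; the same unchecked interpolation applies to `name`, the two domains, `ip_address` and `port`, where an embedded newline would add directives. I would guard the block with an anchored match such as `<% if host['host_pub_key'].to_s =~ /\A(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))\s/ -%>` and emit the port as `<%= host['port'].to_i %>`. Note also that ssh_config keeps the first value obtained for each option, so these per-host blocks, placed after `Host *`, cannot override anything set there, including the `StrictHostKeyChecking no` visible in the context lines.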