1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
.\" Automatically generated by Pandoc 2.9.2.1
.\"
.TH "UPDATE-OPENSSH-KNOWN-HOSTS" "8" "2014-02-03" "" ""
.hy
.SH NAME
.PP
update-openssh-knwon-hosts - download, filter and merge known_hosts for
OpenSSH
.SH SYNOPSIS
.PP
\f[I]update-openssh-known-hosts\f[R] [\f[I]-f\f[R]]
.SH DESCRIPTION
.PP
update-openssh-known-hosts manages downloading, filtering and mergeing
of ssh_known_hosts files from anywhere into one local file for use by
ssh(1).
.SH OPTIONS
.TP
-f
treat every non-zero exit from download plugin as an error, see
EXIT_IGNORE below.
.SH RETURN VALUES
.PP
Returns zero on success and anything else on error.
.SH ENVIRONMENT
.TP
CONFDIR
Configuration directory, defaults to /etc/openssh-known-hosts.
Currently there is only a sources subdirectory in it.
.TP
PLUGIN_PATH
Plugin search path, defaults to
/usr/local/share/openssh-known-hosts/plugins:/usr/share/openssh-known-hosts/plugins.
.TP
CACHEDIR
Cache directory, defaults to /var/cache/openssh-known-hosts.
.TP
LOCK
Lockfile path, defaults to /var/lock/openssh-known-hosts.
.TP
OUTFILE
Output file name, defaults to
/var/lib/openssh-known-hosts/ssh_known_hosts
.SH SOURCE DEFINITIONS
.PP
A source definition is shell snippet dropped into CONFDIR/sources/ with
a run-parts(8) compliant name.
There are two variables not specific to a download plugin:
.TP
PLUGIN
name of the download plugin to use, searched for in PLUGIN_PATH.
.TP
EXIT_IGNORE
optional space-seperated list of exitcodes which should be ignored.
Upon such exit code the previously downloaded version is used.
.SH DOWNLOAD PLUGINS
.PP
Download plugins are executables dropped into PLUGIN_PATH and referenced
via the PLUGIN variable in the source definition.
A plugin gets the variables set in the source definition in its
environment.
The working directory will be set to the source\[cq]s cache directory.
Everything a plugin has to do is to create a file named \[lq]new\[rq].
\[lq]current\[rq] must not be touched but can be used as a hint to skip
downloading the same file again.
stdout and stderr will be connected to \[lq]log\[rq], which will be
output on error.
Plugins needn\[cq]t create \[lq]new\[rq] if it would be identical to
\[lq]current\[rq].
.SH HOSTNAME FILTERS
.PP
Place a file foo.filter next to your source definition foo.
Each line shall contain a rule consisting of an action, a space and a
pattern.
The first rule with a matching pattern decides: If the action starts
with a, o, p or y (for accept, admit, allow, ok, pass, permit, print,
yes, \&...) the hostname will be used, otherwise it is discarded.
If a key has no hostnames left it is discarded as a whole.
.SH SEE ALSO
.PP
ssh(1), sshd(8), ssh_config(5), curl(1), rsync(1), psql(1), run-parts(8)
.SH AUTHORS
Timo Weing\[:a]rtner <timo@tiwe.de>.
|
