Known_Hosts

Parses SSH known_hosts files

Author: Raphaël Pinson raphink@gmail.com

Summary

  • Known_Hosts: Parses SSH known_hosts files
  • Reference: This lens manages OpenSSH’s known_hosts files.
  • License: This file is licensed under the LGPL v2+, like the rest of Augeas.
  • Lens Usage
  • Configuration files: This lens applies to SSH known_hosts files.
  • Augeas Lenses
    • marker: The marker is optional, but if it is present then it must be one of “@cert-authority”, to indicate that the line contains a certification authority (CA) key, or “@revoked”, to indicate that the key contained on the line is revoked and must not ever be accepted.
    • type: Bits, exponent, and modulus are taken directly from the RSA host key; they can be obtained, for example, from /etc/ssh/ssh_host_key.pub.
    • entry: A known_hosts entry
    • lns: The known_hosts lens
  • Augeas Variables
    • filter

Reference

This lens manages OpenSSH’s known_hosts files.  See `man 8 sshd` for reference.

License

This file is licensed under the LGPL v2+, like the rest of Augeas.

Lens Usage

Sample usage of this lens in augtool:

  • Get a key by name from ssh_known_hosts

      print /files/etc/ssh_known_hosts/*[.="foo.example.com"]

      ...

  • Change a host’s key

      set /files/etc/ssh_known_hosts/*[.="foo.example.com"]/key "newkey"

Configuration files

This lens applies to SSH known_hosts files.  See filter.

Augeas Lenses

marker

let marker = [ key /@(revoked|cert-authority)/ . Sep.space ]

The marker is optional, but if it is present then it must be one of “@cert-authority”, to indicate that the line contains a certification authority (CA) key, or “@revoked”, to indicate that the key contained on the line is revoked and must not ever be accepted.  Only one marker should be used on a key line.

type

let type = [ label "type" . store Rx.neg1 ]

Bits, exponent, and modulus are taken directly from the RSA host key; they can be obtained, for example, from /etc/ssh/ssh_host_key.pub.  The optional comment field continues to the end of the line, and is not used.

entry

let entry =
  let alias = [ label "alias" . store Rx.neg1 ] in
  let key = [ label "key" . store Rx.neg1 ] in
  [ Util.indent . seq "entry" . marker?
    . store Rx.neg1
    . (Sep.comma . Build.opt_list alias Sep.comma)?
    . Sep.space . type
    . Sep.space . key
    . Util.comment_or_eol ]

A known_hosts entry

lns

let lns = (Util.empty | Util.comment | entry)*

The known_hosts lens
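To make the entry and lns grammar above concrete, here is an added Python example (not code from the Augeas project) that parses the same line shape the lens accepts, marker? host[,alias...] type key [# comment], and renders it as the path/value pairs `augtool print` shows under /files/etc/ssh_known_hosts. The SAMPLE text and its key strings are constructed placeholders; the "#comment" label for trailing comments follows the usual Augeas Util convention and is an assumption here, as are the helper names parse_line, to_tree, lookup and revoked_keys.

```python
"""Added example, not part of the Augeas lens: a Python parser that mirrors
the grammar of the Known_Hosts lens (marker? host[,alias...] type key
[# comment]) and renders the same tree shape `augtool print` shows for it."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample known_hosts content; the key blobs are truncated
# placeholders, not real host keys.
SAMPLE = """\
# comment line

foo.example.com,192.0.2.10 ssh-ed25519 AAAAC3Nza...FOOKEY
@cert-authority *.example.com ssh-rsa AAAAB3Nza...CAKEY  # CA for the domain
  @revoked bar.example.com ssh-rsa AAAAB3Nza...OLDKEY
"""

# Same alternatives as the lens: key /@(revoked|cert-authority)/
MARKER_RE = re.compile(r"^@(revoked|cert-authority)$")


@dataclass
class Entry:
    host: str                      # store Rx.neg1 (value of the entry node)
    ktype: str                     # "type" child
    key: str                       # "key" child
    aliases: List[str] = field(default_factory=list)   # "alias" children
    marker: Optional[str] = None   # "@revoked" / "@cert-authority" child
    comment: Optional[str] = None  # trailing comment (Util.comment_or_eol)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one line; None for the Util.empty | Util.comment alternatives."""
    stripped = line.strip()        # Util.indent: leading whitespace is allowed
    if not stripped or stripped.startswith("#"):
        return None
    tokens = stripped.split()
    comment = None
    # Key material is base64, so the first token starting with '#' begins
    # the trailing comment.
    for i, tok in enumerate(tokens):
        if tok.startswith("#"):
            comment = " ".join([tok[1:]] + tokens[i + 1:]).strip() or None
            tokens = tokens[:i]
            break
    marker = None
    if tokens and MARKER_RE.match(tokens[0]):
        marker = tokens.pop(0)           # marker? is optional
    if len(tokens) != 3:
        raise ValueError(f"malformed known_hosts line: {line!r}")
    hosts, ktype, key = tokens
    host, *aliases = hosts.split(",")    # Build.opt_list alias Sep.comma
    return Entry(host, ktype, key, aliases, marker, comment)


def parse(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def to_tree(text: str, prefix: str = "/files/etc/ssh_known_hosts"):
    """(path, value) pairs, numbered the way seq "entry" numbers them."""
    out = []
    for n, e in enumerate(parse(text), start=1):
        base = f"{prefix}/{n}"
        out.append((base, e.host))
        if e.marker:
            out.append((f"{base}/{e.marker}", None))
        for a in e.aliases:
            out.append((f"{base}/alias", a))
        out.append((f"{base}/type", e.ktype))
        out.append((f"{base}/key", e.key))
        if e.comment:
            out.append((f"{base}/#comment", e.comment))   # assumed label
    return out


def lookup(text: str, name: str) -> List[Entry]:
    """Equivalent of print .../*[.="name"], also matching alias nodes."""
    return [e for e in parse(text) if name == e.host or name in e.aliases]


def revoked_keys(text: str):
    """(type, key) pairs carrying @revoked: these must never be accepted."""
    return {(e.ktype, e.key) for e in parse(text) if e.marker == "@revoked"}


if __name__ == "__main__":
    for path, value in to_tree(SAMPLE):
        print(path if value is None else f'{path} = "{value}"')
```

Running the module prints the three entries of SAMPLE in augtool's path form; lookup mirrors the `*[.="foo.example.com"]` query from the Lens Usage section, and revoked_keys collects the keys an @revoked marker says must never be accepted, which is the check a host-key audit script would run over a deployed ssh_known_hosts.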

Augeas Variables

filter
