salt.states.ssh_known_hosts¶

Control of SSH known_hosts entries¶

Manage the information stored in the known_hosts files.

github.com:
  ssh_known_hosts:
    - present
    - user: root
    - fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48

example.com:
  ssh_known_hosts:
    - absent
    - user: root

salt.states.ssh_known_hosts.absent(name, user=None, config=None)¶

Verifies that the specified host is not known by the given user

name: The host name
user: The user who owns the ssh authorized keys file to modify
config: The location of the authorized keys file relative to the user's home directory, defaults to ".ssh/known_hosts". If no user is specified, defaults to "/etc/ssh/ssh_known_hosts". If present, must be an absolute path when a user is not specified.

salt.states.ssh_known_hosts.present(name, user=None, fingerprint=None, key=None, port=None, enc=None, config=None, hash_hostname=True, hash_known_hosts=True, timeout=5)¶

Verifies that the specified host is known by the specified user

On many systems, specifically those running with openssh 4 or older, the enc option must be set, only openssh 5 and above can detect the key type.

name: The name of the remote host (e.g. "github.com")
user: The user who owns the ssh authorized keys file to modify
fingerprint: The fingerprint of the key which must be present in the known_hosts file (optional if key specified)
key: The public key which must be present in the known_hosts file (optional if fingerprint specified)
port: optional parameter, port which will be used to when requesting the public key from the remote host, defaults to port 22.
enc: Defines what type of key is being used, can be ed25519, ecdsa ssh-rsa or ssh-dss
config: The location of the authorized keys file relative to the user's home directory, defaults to ".ssh/known_hosts". If no user is specified, defaults to "/etc/ssh/ssh_known_hosts". If present, must be an absolute path when a user is not specified.
hash_hostname : True: Hash all hostnames and addresses in the known hosts file.

Carbon 版后已移除: Please use hash_known_hosts instead.
hash_known_hosts : True: Hash all hostnames and addresses in the known hosts file.
timeout : int: Set the timeout for connection attempts. If timeout seconds have elapsed since a connection was initiated to a host or since the last time anything was read from that host, then the connection is closed and the host in question considered unavailable. Default is 5 seconds.

2016.3.0 新版功能.