NAME

       update-openssh-knwon-hosts - download, filter and merge known_hosts for OpenSSH

SYNOPSIS

       update-openssh-known-hosts [-f]

DESCRIPTION

       update-openssh-known-hosts manages downloading, filtering and mergeing of ssh_known_hosts files from any‐
       where into one local file for use by ssh(1).

OPTIONS

       -f     treat every non-zero exit from download plugin as an error, see EXIT_IGNORE below.

RETURN VALUES

       Returns zero on success and anything else on error.

ENVIRONMENT

       CONFDIR
              Configuration  directory, defaults to /etc/openssh-known-hosts.  Currently there is only a sources
              subdirectory in it.

       PLUGIN_PATH
              Plugin search path, defaults  to  /usr/local/share/openssh-known-hosts/plugins:/usr/share/openssh-
              known-hosts/plugins.

       CACHEDIR
              Cache directory, defaults to /var/cache/openssh-known-hosts.

       LOCK   Lockfile path, defaults to /var/lock/openssh-known-hosts.

       OUTFILE
              Output file name, defaults to /var/lib/openssh-known-hosts/ssh_known_hosts

SOURCE DEFINITIONS

       A  source  definition  is shell snippet dropped into CONFDIR/sources/ with a run-parts(8) compliant name.
       There are two variables not specific to a download plugin:

       PLUGIN name of the download plugin to use, searched for in PLUGIN_PATH.

       EXIT_IGNORE
              optional space-seperated list of exitcodes which should be ignored.  Upon such exit code the  pre‐
              viously downloaded version is used.

DOWNLOAD PLUGINS

       Download  plugins  are executables dropped into PLUGIN_PATH and referenced via the PLUGIN variable in the
       source definition.  A plugin gets the variables set in the source definition  in  its  environment.   The
       working  directory will be set to the source’s cache directory.  Everything a plugin has to do is to cre‐
       ate a file named “new”.  “current” must not be touched but can be used as a hint to skip downloading  the
       same  file  again.  stdout and stderr will be connected to “log”, which will be output on error.  Plugins
       needn’t create “new” if it would be identical to “current”.

HOSTNAME FILTERS

       Place a file foo.filter next to your source definition foo.  Each line shall contain a rule consisting of
       an action, a space and a pattern.  The first rule with a matching pattern decides: If the  action  starts
       with  a,  o,  p  or  y (for accept, admit, allow, ok, pass, permit, print, yes, ...) the hostname will be
       used, otherwise it is discarded.  If a key has no hostnames left it is discarded as a whole.

SEE ALSO

       ssh(1), sshd(8), ssh_config(5), curl(1), rsync(1), psql(1), run-parts(8)

AUTHORS

       Timo Weingärtner <timo@tiwe.de>.

                                                   2014-02-03                      UPDATE-OPENSSH-KNOWN-HOSTS(8)