.\" Automatically generated by Pandoc 2.9.2.1
.\"
.TH "UPDATE-OPENSSH-KNOWN-HOSTS" "8" "2014-02-03" "" ""
.hy
.SH NAME
.PP
update-openssh-known-hosts - download, filter and merge known_hosts for OpenSSH
.SH SYNOPSIS
.PP
\f[I]update-openssh-known-hosts\f[R] [\f[I]-f\f[R]]
.SH DESCRIPTION
.PP
update-openssh-known-hosts manages downloading, filtering and merging of ssh_known_hosts files from anywhere into one local file for use by ssh(1).
.SH OPTIONS
.TP
-f
treat every non-zero exit from a download plugin as an error, see EXIT_IGNORE below.
.SH RETURN VALUES
.PP
Returns zero on success and anything else on error.
.SH ENVIRONMENT
.TP
CONFDIR
Configuration directory, defaults to /etc/openssh-known-hosts.
Currently there is only a sources subdirectory in it.
.TP
PLUGIN_PATH
Plugin search path, defaults to /usr/local/share/openssh-known-hosts/plugins:/usr/share/openssh-known-hosts/plugins.
.TP
CACHEDIR
Cache directory, defaults to /var/cache/openssh-known-hosts.
.TP
LOCK
Lockfile path, defaults to /var/lock/openssh-known-hosts.
.TP
OUTFILE
Output file name, defaults to /var/lib/openssh-known-hosts/ssh_known_hosts
.SH SOURCE DEFINITIONS
.PP
A source definition is a shell snippet dropped into CONFDIR/sources/ with a run-parts(8) compliant name.
There are two variables not specific to a download plugin:
.TP
PLUGIN
name of the download plugin to use, searched for in PLUGIN_PATH.
.TP
EXIT_IGNORE
optional space-separated list of exit codes which should be ignored.
Upon such an exit code the previously downloaded version is used.
.SH DOWNLOAD PLUGINS
.PP
Download plugins are executables dropped into PLUGIN_PATH and referenced via the PLUGIN variable in the source definition.
A plugin gets the variables set in the source definition in its environment.
The working directory will be set to the source\[cq]s cache directory.
All a plugin has to do is create a file named \[lq]new\[rq].
\[lq]current\[rq] must not be touched but can be used as a hint to skip downloading the same file again.
stdout and stderr will be connected to \[lq]log\[rq], which will be output on error.
Plugins needn\[cq]t create \[lq]new\[rq] if it would be identical to \[lq]current\[rq].
.SH HOSTNAME FILTERS
.PP
Place a file foo.filter next to your source definition foo.
Each line shall contain a rule consisting of an action, a space and a pattern.
The first rule with a matching pattern decides: If the action starts with a, o, p or y (for accept, admit, allow, ok, pass, permit, print, yes, \&...) the hostname will be used, otherwise it is discarded.
If a key has no hostnames left it is discarded as a whole.
.SH SEE ALSO
.PP
ssh(1), sshd(8), ssh_config(5), curl(1), rsync(1), psql(1), run-parts(8)
.SH AUTHORS
Timo Weing\[:a]rtner.
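.SH EXAMPLES
.PP
The rule evaluation described under HOSTNAME FILTERS, as an added shell example that is not the code of update-openssh-known-hosts itself.
It assumes that patterns are shell globs, that a hostname matching no rule is discarded, and that known_hosts lines carry no leading @marker field; decide, filter_line and demo are hypothetical names, and the filter rules and key lines are constructed.
.PP
.nf
```shell
#!/bin/sh
# Added example; not the code of update-openssh-known-hosts.
# Assumptions: patterns are shell globs, a hostname matching no rule is
# discarded, and known_hosts lines carry no leading @marker field.

# decide FILTERFILE HOSTNAME: exit status 0 means "keep this hostname".
decide() {
    while IFS=' ' read -r action pattern; do
        [ -n "$action" ] || continue          # skip blank lines
        case "$2" in
            $pattern)                         # first matching rule decides
                case "$action" in
                    [aopy]*) return 0 ;;      # accept, ok, pass, yes, ...
                    *) return 1 ;;            # any other action discards
                esac ;;
        esac
    done < "$1"
    return 1                                  # assumed default: discard
}

# filter_line FILTERFILE LINE: print LINE with only the kept hostnames;
# print nothing and return 1 when no hostname is left.
filter_line() {
    hosts=${2%% *}                            # comma-separated hostnames
    key=${2#* }                               # key type, key, comment
    kept=
    old_ifs=$IFS
    IFS=,
    set -f                                    # hostnames may contain * or ?
    for h in $hosts; do
        if decide "$1" "$h"; then kept=${kept:+$kept,}$h; fi
    done
    set +f
    IFS=$old_ifs
    [ -n "$kept" ] || return 1
    echo "$kept $key"
}

# Constructed sample: a filter for source "foo" and two known_hosts lines.
demo() {
    f=$(mktemp)
    { echo 'reject *.test.example.org'; echo 'accept *.example.org'; } > "$f"
    filter_line "$f" 'a.example.org,a.test.example.org,10.0.0.5 ssh-ed25519 AAAAC3constructed'
    filter_line "$f" 'b.test.example.org ssh-ed25519 AAAAC3constructed' || echo 'key dropped'
    rm -f "$f"
}
demo
```
.fi
.PP
Rule order matters: with the two rules swapped, a.test.example.org would be kept, because the broader accept pattern would match first.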