6

I would like to add github.com to the known_hosts file from the command line as I am creating a puppet manifest to provision a remote server.

I have tried:

"ssh-keyscan -H github.com > /home/ubuntu/.ssh/known_hosts" 

But when the server tries to access github:

Failed to add the RSA host key for IP address '207.97.227.239' to the list of known hosts (/home/ubuntu/.ssh/known_hosts). 

I've also tried:

"ssh-keyscan -H github.com,207.97.227.239 > /home/ubuntu/.ssh/known_hosts" 

But accessing github throws:

Host key verification failed. 

I'm sure this is of no additional use, but if I ssh into my server and then ssh to github and follow the steps, I get the following message: "Permanently added 'github.com,207.97.227.239' (RSA) to the list of known hosts", and then it works perfectly.

Thanks

2
  • 1
    The 'failed to add' message indicates there could be a permissions issue on /home/ubuntu/.ssh/known_hosts. Is it writable by your user? Commented Jul 19, 2012 at 17:29
  • You would most likely want >> to append instead of > to overwrite. Commented Jul 20, 2012 at 15:12
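The two comments above cover both failure modes in the question: the first attempt clobbers known_hosts with `>` and the file (or ~/.ssh) may not be writable by the user, so ssh cannot append the IP entry it learns on first connect. The script below is an added example, not code from the question or either answer: it merges ssh-keyscan output into a per-user known_hosts idempotently, creates ~/.ssh with the permissions sshd expects, and leaves a fingerprint helper for out-of-band verification. The scan output is a constructed placeholder so the script runs offline; the key material is not GitHub's real key, and the path and owner are just the ones from the question.

```shell
#!/bin/sh
# Added example: merge ssh-keyscan output into a user's known_hosts.
# In a real provisioner you would feed it a live scan:
#   ssh-keyscan -t rsa github.com 2>/dev/null \
#     | add_known_hosts /home/ubuntu/.ssh/known_hosts ubuntu
# CONSTRUCTED sample input (NOT GitHub's real host key) so this runs offline.
SAMPLE_SCAN='github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEXAMPLEKEYNOTREAL
207.97.227.239 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEXAMPLEKEYNOTREAL'

# add_known_hosts FILE OWNER
# Reads keyscan lines on stdin. Creates the directory (0700) and file (0644)
# if missing, appends only lines that are not already present, chowns to
# OWNER when run as root, and prints the number of lines added.
add_known_hosts() {
    file=$1
    owner=$2
    dir=$(dirname "$file")
    mkdir -p "$dir"
    chmod 700 "$dir"
    touch "$file"
    chmod 644 "$file"
    added=0
    while IFS= read -r line; do
        # skip blanks and any comment lines that reached stdin
        case $line in ''|'#'*) continue ;; esac
        # exact-line match: -x whole line, -F no regex, -- guards a leading '-'
        if ! grep -qxF -- "$line" "$file"; then
            printf '%s\n' "$line" >> "$file"
            added=$((added + 1))
        fi
    done
    # harmless when already owned correctly; fails silently when not root
    chown "$owner" "$dir" "$file" 2>/dev/null || true
    echo "$added"
}

# show_fingerprints FILE
# ssh-keyscan is trust-on-first-use; compare these against the fingerprints
# the provider publishes before you trust the file. Guarded because the
# sample key above is not a real key and ssh-keygen may be absent.
show_fingerprints() {
    if command -v ssh-keygen >/dev/null 2>&1; then
        ssh-keygen -lf "$1"
    else
        echo "ssh-keygen not available; verify fingerprints manually" >&2
    fi
}

# Stand-alone demo into a throwaway directory.
demo_dir=$(mktemp -d)
demo_file=$demo_dir/.ssh/known_hosts
printf '%s\n' "$SAMPLE_SCAN" | add_known_hosts "$demo_file" "$(id -un)"
cat "$demo_file"
rm -rf "$demo_dir"
```

Use `>>` only through a dedupe like this one; a bare `>>` in a manifest that runs on every agent run grows the file without bound. Note that the dedupe is by exact line, which works for plain `ssh-keyscan` output but not for `ssh-keyscan -H`: hashed entries use a fresh random salt on every run, so the same host produces a different line each time. If you want hashed entries, check presence with `ssh-keygen -F github.com -f FILE` instead, or scan unhashed and let `ssh-keygen -H -f FILE` hash the file afterwards.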

2 Answers

9

We handle this problem by putting the known_hosts file on the puppet server and serving the file directly out of puppet:

file { "/home/appuser/.ssh/known_hosts":
  owner   => "appuser",
  group   => "appuser",
  # quoted: Puppet 4+ rejects a bare integer mode; known_hosts needs no execute bit, so "0644" is enough
  mode    => "0755",
  source  => "puppet:///modules/ssh/known_hosts",
  require => File["/home/appuser"],
}

This copies the correctly formatted known_hosts file from the puppet repo, sets the user accordingly, and ensures it has correct permissions. Works well for us.

5
  • 4
    Out of curiosity, why are you not using the sshkey resource to publish key(s) directly to the system wide known_hosts file? Commented Jul 19, 2012 at 18:38
  • @Zoredache Because I'd never heard of that facility before. Commented Jul 19, 2012 at 18:43
  • 3
Ah, I like sshkey better than replacing the entire file, since it allows me to add/remove individual keys while still permitting local changes, which is somewhat needed in my environment. Commented Jul 19, 2012 at 18:50
  • 1
Thanks, that works a treat! @Zoredache sshkey looks great, but it would be nice if it would let you specify the directory/file name! Commented Jul 20, 2012 at 7:28
  • 1
    sshkey does let you specify the directory/file name. Just use target => "fullpath/to/filename" Commented Jan 14, 2013 at 18:46
3

This is mentioned in the comments to the accepted answer, but I just ran into this and thought that this much cleaner solution deserves its own answer.

Puppet's core sshkey type installs keys into the server-wide /etc/ssh/ssh_known_hosts file without having to clobber the whole file. For this case:

sshkey { 'github':
  ensure => present,
  name   => 'github.com',
  type   => 'ssh-rsa',
  key    => '[GitHub key (just the part after ssh-rsa, starting with AAA)]',
}

Will install it nicely.
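Filling in that `key` parameter by hand is where the "just the part after ssh-rsa" mistake usually happens. The function below is an added example, not part of this answer: it reads plain `ssh-keyscan` output and emits one `sshkey` resource per host, splitting the line into the host (the resource `name`), the key `type` and the base64 body that goes in `key`. It refuses hashed lines, because a `-H` scan replaces the hostname with `|1|salt|hash` and the resource needs the real name. The sample line is constructed and is not GitHub's real key.

```shell
#!/bin/sh
# Added example: turn ssh-keyscan lines into Puppet sshkey resources.
# Real usage:  ssh-keyscan github.com 2>/dev/null | keyscan_to_sshkey
# CONSTRUCTED sample (NOT GitHub's real key) so this runs offline.
SAMPLE_LINE='github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEXAMPLEKEYNOTREAL'

# keyscan_to_sshkey
# stdin: "host type base64key" lines as printed by ssh-keyscan (no -H).
# stdout: a sshkey resource per line, titled by host, so github.com and
# an IP scanned together become two resources without a title clash.
keyscan_to_sshkey() {
    while IFS=' ' read -r host type key _; do
        case $host in
            ''|'#'*) continue ;;
            '|1|'*)
                echo "skipping hashed entry; rerun ssh-keyscan without -H" >&2
                continue ;;
        esac
        # sshkey's type parameter takes the algorithm name as printed
        # (ssh-rsa, ssh-ed25519, ecdsa-sha2-nistp256, ...).
        printf "sshkey { '%s':\n" "$host"
        printf "  ensure => present,\n"
        printf "  name   => '%s',\n" "$host"
        printf "  type   => '%s',\n" "$type"
        printf "  key    => '%s',\n" "$key"
        printf "}\n"
    done
}

# Stand-alone demo.
printf '%s\n' "$SAMPLE_LINE" | keyscan_to_sshkey
```

Add `target => '/home/ubuntu/.ssh/known_hosts'` to each resource if, as in the question, the entry has to land in a user's file rather than /etc/ssh/ssh_known_hosts, and keep the `require` on the user's `~/.ssh` directory so the agent does not create the file before the directory exists. Whatever you paste into the manifest, compare its fingerprint (`ssh-keygen -lf` on the scan output) with the one GitHub publishes: a keyscan only tells you what answered on the wire.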
