Generating ssh known hosts

e298721c · Goik Martin · c7429f2b · e298721c
Commit e298721c authored 9 months ago by Goik Martin
--- a/Doc/Sdi/CloudProvider/gettingStarted.xml
+++ b/Doc/Sdi/CloudProvider/gettingStarted.xml
@@ -852,21 +852,6 @@ runcmd:
    created $(date -u)" &gt;&gt; /var/www/html/index.html</programlisting>
    </figure>
-    <figure xml:id="sdi_cloudProvider_cloudInit_kownHostsDuplicateProblem">
-      <title>Duplicate known_hosts entry on re-creating server</title>
-      <para>Problem of repeated <command
-      linkend="glo_Terraform">terraform</command>
-      <option>apply</option>:</para>
-      <screen>$ ssh root@128.140.108.60
-@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
-@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
-@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
-IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
-Someone could be eavesdropping on you right now (<emphasis role="red">man-in-the-middle attack</emphasis>)!</screen>
-    </figure>
    <figure xml:id="sdi_cloudProvider_cloudInit_watchOutForBadGuys">
      <title>Watch out for your enemies!</title>
@@ -1109,6 +1094,64 @@ Status for the jail: sshd
        </qandaentry>
      </qandadiv>
    </qandaset>
+    <figure xml:id="sdi_cloudProvider_cloudInit_kownHostsDuplicateProblem">
+      <title>Problem: Duplicate <filename>known_hosts</filename> entry on
+      re-creating server</title>
+      <para>Problem of repeated <command
+      linkend="glo_Terraform">terraform</command>
+      <option>apply</option>:</para>
+      <screen>$ ssh root@128.140.108.60
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
+Someone could be eavesdropping on you right now (<emphasis role="red">man-in-the-middle attack</emphasis>)!</screen>
+    </figure>
+    <figure xml:id="sdi_cloudProvider_cloudInit_generateKnownHosts">
+      <title>Solution: Generating <filename>known_hosts</filename> ...</title>
+      <programlisting language="tf">resource "local_file" "known_hosts" {
+  content         = "${hcloud_server.helloServer.ipv4_address} ...
+                      ... ${tls_private_key.host.public_key_openssh}"
+  filename        = "gen/known_hosts"
+  file_permission = "644"
+}</programlisting>
+    </figure>
+    <figure xml:id="sdi_cloudProvider_cloudInit_generateSshWrapper">
+      <title>... and <command>ssh</command> wrapper</title>
+      <informaltable border="1">
+        <tr>
+          <th><filename>main.tf</filename></th>
+          <th><filename><emphasis
+          role="red">tpl/ssh.sh</emphasis></filename></th>
+        </tr>
+        <tr>
+          <td valign="top"><programlisting language="tf">resource "local_file" "ssh_script" {
+  content = templatefile("<emphasis role="red">tpl/ssh.sh</emphasis>", {
+    <emphasis role="green">ip</emphasis>=hcloud_server.hello.ipv4_address
+  })
+  filename        = "<emphasis role="blue">bin/ssh</emphasis>"
+  file_permission = "700"
+  depends_on      = [local_file.known_hosts]
+}</programlisting></td>
+          <td valign="top"><programlisting language="bash">#!/usr/bin/env bash
+GEN_DIR=$(dirname "$0")/../gen
+ssh -o UserKnownHostsFile= \
+  "$GEN_DIR/known_hosts" devops@<emphasis role="green">${ip}</emphasis> "$@"</programlisting></td>
+        </tr>
+      </informaltable>
+    </figure>
  </section>
  <section xml:id="sdi_cloudProvider_volume">