/usr/share/augeas/lenses/dist/known_hosts.aug is in augeas-lenses 1.10.1-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 | (*
Module: Known_Hosts
Parses SSH known_hosts files
Author: Raphaël Pinson <raphink@gmail.com>
About: Reference
This lens manages OpenSSH's known_hosts files. See `man 8 sshd` for reference.
About: License
This file is licenced under the LGPL v2+, like the rest of Augeas.
About: Lens Usage
Sample usage of this lens in augtool:
* Get a key by name from ssh_known_hosts
> print /files/etc/ssh_known_hosts/*[.="foo.example.com"]
...
* Change a host's key
> set /files/etc/ssh_known_hosts/*[.="foo.example.com"]/key "newkey"
About: Configuration files
This lens applies to SSH known_hosts files. See <filter>.
*)
module Known_Hosts =
autoload xfm
(* View: marker
The marker is optional, but if it is present then it must be one of
“@cert-authority”, to indicate that the line contains a certification
authority (CA) key, or “@revoked”, to indicate that the key contained
on the line is revoked and must not ever be accepted.
Only one marker should be used on a key line.
*)
let marker = [ key /@(revoked|cert-authority)/ . Sep.space ]
(* View: type
Bits, exponent, and modulus are taken directly from the RSA host key;
they can be obtained, for example, from /etc/ssh/ssh_host_key.pub.
The optional comment field continues to the end of the line, and is not used.
*)
let type = [ label "type" . store Rx.neg1 ]
(* View: entry
A known_hosts entry *)
let entry =
let alias = [ label "alias" . store Rx.neg1 ]
in let key = [ label "key" . store Rx.neg1 ]
in [ Util.indent . seq "entry" . marker?
. store Rx.neg1
. (Sep.comma . Build.opt_list alias Sep.comma)?
. Sep.space . type . Sep.space . key
. Util.comment_or_eol ]
(* View: lns
The known_hosts lens *)
let lns = (Util.empty | Util.comment | entry)*
(* Variable: filter *)
let filter = incl "/etc/ssh/ssh_known_hosts"
. incl (Sys.getenv("HOME") . "/.ssh/known_hosts")
let xfm = transform lns filter
|