SSH: Add global known hosts

README.md

@@ -8,7 +8,7 @@ This role is compatible with Debian based systems, macOS, CentOS (no development
 Requirements
 ------------
 
-Have a user set up on the machine, to which you can connecto via a ssh key.
+Have a user set up on the machine, to which you can connect to via a ssh key.
 This user must also have sudo right without asking for a password!
 (e.g. using `%sudo ALL=(ALL) NOPASSWD:ALL` when editing the sudoers file with `sudo visudo`)
 
@@ -31,6 +31,9 @@ The User Setup will change the user shell and global gitconfig. This can be disa
 - `usersetup_virtualenvwrapper`: Boolean to enable the virtualenvwrapper plugin in oh-my-zsh (default: false)
 - `usersetup_vimplugins`: Boolean to enable installing my VIM plugins (default: true)
 
+The SSH Setup will add some global known host keys.
+Additional keys can be specified by providing a list in `ssh_known_hosts`.
+
 The development environment for different programming languages can be setup automatically.
 To enable, that Visual Studio Code will be installed and configured, set `user_vscode` to true, otherwise only the bare development toolchain will be installed.
 For a GUI/ Desktop machine, you can enable to install and configure VS Code:

tasks/main.yml

@@ -26,3 +26,7 @@
 # run this for every maintenance/ update cycle
 - name: Apply user settings
   ansible.builtin.import_tasks: usersettings.yml
+
+# run this for every maintenance/ update cycle
+- name: Apply SSH client settings
+  ansible.builtin.import_tasks: sshsettings.yml

tasks/sshsettings.yml

@@ -0,0 +1,23 @@
+---
+# Common/SSH Setting: Universal SSH client settings
+
+- name: Sshsettings - Add global config
+  become: true
+  tags: common_ssh
+  ansible.builtin.copy:
+    dest: /etc/ssh/ssh_config.d/global-known-hosts
+    mode: "0644"
+    owner: root
+    content: |
+      Host *
+        GlobalKnownHostsFile {{ ssh_client_global_known_hosts_file }}
+        VerifyHostKeyDNS yes
+
+- name: Sshsettings - Add global known_hosts
+  become: true
+  tags: common_ssh
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/ssh_known_hosts.j2"
+    dest: "{{ ssh_client_global_known_hosts_file }}"
+    mode: "0644"
+    owner: root

tasks/usersettings.yml

@@ -1,5 +1,5 @@
 ---
-# Common/Usersettings: Universial Dotfiles. Update regularly.
+# Common/Usersettings: Universal Dotfiles. Update regularly.
 
 - name: Usersettings - Install required tools
   become: "{{ ansible_facts['os_family'] != 'Darwin' }}"
@@ -75,10 +75,7 @@
         src: "{{ role_path }}/files/_gitignore_global",
         dest: "{{ ansible_facts['user_dir'] }}/.gitignore_global",
       }
-    - {
-        src: "{{ role_path }}/files/_config/mpv.conf",
-        dest: "{{ ansible_facts['user_dir'] }}/.config/mpv/",
-      }
+    - { src: "{{ role_path }}/files/_config/mpv.conf", dest: "{{ ansible_facts['user_dir'] }}/.config/mpv/" }
     - {
         src: "{{ role_path }}/files/_oh-my-zsh/jtbx.zsh-theme",
         dest: "{{ ansible_facts['user_dir'] }}/.oh-my-zsh/custom/themes/jtbx.zsh-theme",
@@ -148,10 +145,7 @@
             repo: "https://github.com/itchyny/lightline.vim",
             dest: "{{ ansible_facts['user_dir'] }}/.vim/bundle/lightline",
           }
-        - {
-            repo: "https://github.com/w0rp/ale",
-            dest: "{{ ansible_facts['user_dir'] }}/.vim/bundle/ale",
-          }
+        - { repo: "https://github.com/w0rp/ale", dest: "{{ ansible_facts['user_dir'] }}/.vim/bundle/ale" }
         - {
             repo: "https://github.com/airblade/vim-gitgutter",
             dest: "{{ ansible_facts['user_dir'] }}/.vim/bundle/vim-gitgutter",

templates/ssh_known_hosts.j2

@@ -0,0 +1,17 @@
+github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
+github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
+github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
+hetzner-01.h.jtbx.de ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6cTbO4lpXINQyS/txsNvlEfOBM1OJNA5juhYjNQi3H
+hetzner-01.h.jtbx.de ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH+iulBjErw8LDQOUir5oz254EriG8bKmsSQ3hVcByNdMVkMqPKsd5fpBdoOYMsuhA+MnTPQppHCBxXUtNVE/Bg=
+hetzner-01.h.jtbx.de ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbHQL9/R+rlP10jC6UZkWNr1qL+h+XiYiptkSxMXQm+LV6TEu1OH91opNjrGTlTPeQVt6Y10MPWUIhxJ4oNkHH31JsXnxwDKiFDW/TIOCBFcqafWWbszaxVUFavfiaUbqq+YMSJoBWLitW2pXd8g95bY1EyTT1if1fd2E+a8k9KQ/i0aSnpZGOL8rpvLw+0kULFu0iMBrhBf0YVfNA1zO59c2C3nyTGnGuJAeiPV7j6buhRxLl+u+LhjEC+RG6/zWFPdT0Wui3giAPzhlEoKrdPqmqGBEcLXer3x01mY902zlgOOQM3+kzh9MBQvYO0gGa+DvaSz/Pr12cF2/fvrbn
+[git.beyerstedt.de]:4022 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcj7LCgH81ZHyXzzQAMx35EQbOyw4NIB313l+/axbHK
+[git.beyerstedt.de]:4022 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGSVuwt4ZTrLQ5JEUOJTnN5VJwICxOSs3pxRXJDowp+dEIfdGo/1+4fVtE6pD+nf4gWGSSBXluygJRUIhudrBnk=
+[git.beyerstedt.de]:4022 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcZbbh2s20jh2pR8bp0G1Eb9Dv0EKnalNcrDtT3OoZIyxqQxq29sF1A5KASHwrvohU+uBTdPoBJU4JLho5Az8nukZ7HABd4Z3vTTBTPo1nzisX7cbt08TOa3BhsTLrta+8ShZcoamyQ0G+yy466lf3M0PWzHxOU1lbvGOFgt4s5haBB08Mycpa3EbqmrrhIJCkApAZmzTkY/OVnYpeSa8P//LbpvROZQAAT4Q0sjLbHgj1FvXg8meKIhe65eoAp+AVeuZXIiuBSmFh6d2h8bmu9xS6fTJnmidTD3SPupYe/mJRLkm/TA9nRcDsxrvfd9P5gwwe7ySRpg+Qe+sx000F
+kvm-nuc.fritz.box ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGt/VAAC70WFV6GMXf0vsMANvfLH5JxJnvV8rESs6QP
+kvm-nuc.fritz.box ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLYrkG2v8MitGH0yEGxzHhPP64kB9b5fbZn7S9UiUpVmMRCJ6bH1kq9FsJhnTvikjJjZMy1ysF1VqMwbbnzS4vw=
+kvm-nuc.fritz.box ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCYZh31MzprFBtSJEZ7yT0GLcsY1ugCya/1BPZVtKBuzJClvbenr1W+3JCIVCJ4QELwzNbFNmkD5GiqhvXM0mcYfLmkthXMnUG4ZFAGg4LayDsfsZAMsS1nSVjOi3H/lz1aB6JdZ+2OCcyxnpDnGdBak/DxPTiHZj7UJ9abddhX8kqR77Atwr4d2yYwLL5/Emil4+/HVCv/wQqwvyna9s+LNU0r0rLN3rlenOyb7HVEbPGdiCGTpOhA6mZRf0tqbmBFKe4c2ddd4HGpB8lvaNZbrUTLlgHmf1ta72b+uCfWpnmgoLrM8WjFiHynYuIc+CXDlvc72BEMsI23OusrXoi+z/DhgYXNjOJRvzadb1TZ2tC+e0MXYAhDxJ8pE9ZE2hSSOytdirUhyTQtJ3S7fv8Ktjrtq5vn9LRwFaKScDJWCpX4CMZ/fl7T377FyR/sNYXy7O5AT/DQCnUEX2ekd++aeXA0GxzAQlSS2lZk9lilqOSw6UDYglSWxORerkC2QUc=
+{% if ssh_known_hosts is defined %}
+{% for item in ssh_known_hosts %}
+{{ item }}
+{% endfor %}
+{% endif %}

vars/main.yml

@@ -0,0 +1,2 @@
+---
+ssh_client_global_known_hosts_file: /etc/ssh/ssh_known_hosts