From e803e229910ed2d7830c591b4171fdda3601051d Mon Sep 17 00:00:00 2001
From: "J.P. Krauss"
Date: Thu, 14 Aug 2025 08:05:15 -0700
Subject: [PATCH] feat: improve handling of additional SSH host patterns

---
 action.yml | 6 ++++++
 entrypoint.sh | 18 ++++++++++++++++--
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/action.yml b/action.yml
index 5b37fbe..b710484 100644
--- a/action.yml
+++ b/action.yml
@@ -16,6 +16,12 @@ inputs:
   pki_provisioner_password:
     description: The PKI provisioner password
     required: true
+  pki_additional_hosts:
+    description: Additional host patterns which use the SSH Host Key (space separated)
+    required: false
+  known_hosts:
+    description: Additinoal raw lines to add to the known_hosts file
+    required: false
   playbook:
     description: Ansible playbook filepath
     required: true
diff --git a/entrypoint.sh b/entrypoint.sh
index 6e04abd..d5cd7e1 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
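Review bot: The `known_hosts` input description misspells "Additional" and does not say that the lines are appended verbatim, which matters because the entrypoint writes them into ~/.ssh/known_hosts without any validation; I would change it to `description: Additional raw lines appended verbatim to ~/.ssh/known_hosts`. The `pki_additional_hosts` description could likewise state what the entrypoint does with each value, e.g. `description: Additional host patterns (space separated), each registered as an @cert-authority entry for the SSH Host CA`.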
@@ -39,8 +39,22 @@ echo "Bootstrapped PKI at ${INPUT_PKI_CA_URL}"
 
 # Obtain the Host Certificate
 [ ! -d ~/.ssh ] && mkdir ~/.ssh
-echo "@cert-authority * $(step ssh config --host --roots)" > ~/.ssh/known_hosts
-echo "Obtained SSH Host Certificate Authority"
+host_ca_cert=$(step ssh config --host --roots)
+echo "@cert-authority *.kraussnet.com ${host_ca_cert}" > ~/.ssh/known_hosts
+if [ ! -z "${INPUT_PKI_ADDITIONAL_HOSTS:-}" ] ; then
+  echo "***"
+  echo "${INPUT_PKI_ADDITIONAL_HOSTS}"
+  echo "***"
+  for host in $(echo ${INPUT_PKI_ADDITIONAL_HOSTS}) ; do
+    echo "@cert-authority ${host} ${host_ca_cert}" >> ~/.ssh/known_hosts
+    echo "Registered ${host} to use KraussNet SSH @cert-authority"
+  done
+fi
+if [ ! -z "${INPUT_KNOWN_HOSTS:-}" ] ; then
+  echo "${INPUT_KNOWN_HOSTS}" >> ~/.ssh/known_hosts
+fi
+echo "Registered SSH Host Certificate Authority"
+cat ~/.ssh/known_hosts
 
 # Obtain a User Certificate for Ansible
 token=$(step ca token "${user_cert_subject}" --ssh --provisioner "${provisioner_name}" --provisioner-password-file <(printf "${provisioner_password}"))
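Review bot: `for host in $(echo ${INPUT_PKI_ADDITIONAL_HOSTS})` leaves the input unquoted, so a pattern such as `*.kraussnet.com` (exactly what this input is documented to carry) undergoes pathname expansion against the working directory before it reaches known_hosts, and any matching file silently replaces the pattern with a filename. Splitting on whitespace without globbing is the safer form: `read -r -a additional_hosts <<< "${INPUT_PKI_ADDITIONAL_HOSTS}"` followed by `for host in "${additional_hosts[@]}" ; do`, which also drops the useless `$(echo …)`. The `echo "***"` / `echo "${INPUT_PKI_ADDITIONAL_HOSTS}"` / `echo "***"` trio reads as leftover debug output and could go, since `cat ~/.ssh/known_hosts` at the end already shows the result. If the script does not run under `set -e` (its options are outside this hunk), a failing `step ssh config --host --roots` leaves `host_ca_cert` empty and the first line written is a malformed `@cert-authority` entry; `host_ca_cert=$(step ssh config --host --roots) || exit 1` would surface that instead.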