feat: improve handling of additional SSH host patterns

action.yml

@@ -16,6 +16,12 @@ inputs:
   pki_provisioner_password:
     description: The PKI provisioner password
     required: true
+  pki_additional_hosts:
+    description: Additional host patterns which use the SSH Host Key (space separated)
+    required: false
+  known_hosts:
+    description: Additinoal raw lines to add to the known_hosts file
+    required: false
   playbook:
     description: Ansible playbook filepath
     required: true

entrypoint.sh

@@ -39,8 +39,22 @@ echo "Bootstrapped PKI at ${INPUT_PKI_CA_URL}"
 
 # Obtain the Host Certificate
 [ ! -d ~/.ssh ] && mkdir ~/.ssh
-echo "@cert-authority * $(step ssh config --host --roots)" > ~/.ssh/known_hosts
+host_ca_cert=$(step ssh config --host --roots)
-echo "Obtained SSH Host Certificate Authority"
+echo "@cert-authority *.kraussnet.com ${host_ca_cert}" > ~/.ssh/known_hosts
+if [ ! -z "${INPUT_PKI_ADDITIONAL_HOSTS:-}" ] ; then
+    echo "***"
+    echo "${INPUT_PKI_ADDITIONAL_HOSTS}"
+    echo "***"
+    for host in $(echo ${INPUT_PKI_ADDITIONAL_HOSTS}) ; do
+        echo "@cert-authority ${host} ${host_ca_cert}" >> ~/.ssh/known_hosts
+        echo "Registered ${host} to use KraussNet SSH @cert-authority"
+    done
+fi
+if [ ! -z "${INPUT_KNOWN_HOSTS:-}" ] ; then
+    echo "${INPUT_KNOWN_HOSTS}" >> ~/.ssh/known_hosts
+fi
+echo "Registered SSH Host Certificate Authority"
+cat ~/.ssh/known_hosts
 
 # Obtain a User Certificate for Ansible
 token=$(step ca token "${user_cert_subject}" --ssh --provisioner "${provisioner_name}" --provisioner-password-file <(printf "${provisioner_password}"))