'\" t
.\" Title: sss_ssh_knownhosts
.\" Author: The SSSD upstream - https://github.com/SSSD/sssd/
.\" Generator: DocBook XSL Stylesheets vsnapshot
.\" Date: 01/01/2025
.\" Manual: SSSD Manual pages
.\" Source: SSSD
.\" Language: English
.\"
.TH "SSS_SSH_KNOWNHOSTS" "1" "01/01/2025" "SSSD" "SSSD Manual pages"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
sss_ssh_knownhosts \- get OpenSSH known hosts public keys
.SH "SYNOPSIS"
.HP \w'\fBsss_ssh_knownhosts\fR\ 'u
\fBsss_ssh_knownhosts\fR [\fIoptions\fR] \fIHOST\fR
.SH "DESCRIPTION"
.PP
\fBsss_ssh_knownhosts\fR
acquires SSH public keys for host
\fIHOST\fR
and outputs them in OpenSSH known_hosts key format (see the
\(lqSSH_KNOWN_HOSTS FILE FORMAT\(rq
section of
\fBsshd\fR(8)
for more information)\&.
.PP
\fBssh\fR(1)
can be configured to use
\fBsss_ssh_knownhosts\fR
for public key host authentication using the
\(lqKnownHostsCommand\(rq
option:
.sp
.if n \{\
.RS 4
.\}
.nf
KnownHostsCommand /usr/bin/sss_ssh_knownhosts %H
.fi
.if n \{\
.RE
.\}
.sp
Please refer to the
\fBssh_config\fR(5)
man page for more details about this option\&.
.SH "OPTIONS"
.PP
\fB\-d\fR,\fB\-\-domain\fR \fIDOMAIN\fR
.RS 4
Search for host public keys in SSSD domain
\fIDOMAIN\fR\&.
.RE
.PP
\fB\-o\fR,\fB\-\-only\-host\-name\fR
.RS 4
When the keys retrieved from the backend do not include the hostname, this tool will add the unmodified hostname as provided by the caller\&. If this flag is set, only the hostname (no port number) will be added to the keys\&.
.RE
.PP
\fB\-?\fR,\fB\-\-help\fR
.RS 4
Display help message and exit\&.
.RE
.SH "KEY RETRIEVAL"
.PP
The key lines retrieved from the backend are expected to respect the key format as described in the
\(lqSSH_KNOWN_HOSTS FILE FORMAT\(rq
section of
\fBsshd\fR(8)\&. However, returning only the keytype and the key itself is tolerated, in which case, the hostname received as parameter will be added before the keytype to output a correctly formatted line\&. The hostname will be added unmodified or just the hostname (no port number), depending on whether the
\fB\-o\fR,\fB\-\-only\-host\-name\fR
option was provided\&.
.PP
When the SSH server is listening on a non\-default port, the backend MUST provide the hostname including the port number in the correct format and position as part of the key line\&. For example, the minimal key line would be:
.sp
.if n \{\
.RS 4
.\}
.nf
[canonical\&.host\&.name]:2222
.fi
.if n \{\
.RE
.\}
.sp
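.PP
The following Python sketch is an added illustration, not code from SSSD: it models the host name handling described in this section for a full key line, a bare key, and a bare key combined with \fB\-o\fR\&. The rule used to recognize a bare key (first field is a key type name), the function names and the sample values are assumptions\&.
.sp
.nf
```python
# Added illustration: a model of the documented KEY RETRIEVAL rules, not SSSD code.
# Assumption: a backend line is "bare" when its first field is a key type name.
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")


def host_only(host):
    """Reduce "[name]:port" to "name"; leave any other form untouched."""
    if host.startswith("[") and "]:" in host:
        return host[1:host.index("]:")]
    return host


def known_hosts_line(backend_line, host, only_host_name=False):
    """Return the known_hosts line for one key line retrieved from the backend."""
    fields = backend_line.split()
    if len(fields) < 2:
        raise ValueError("key line needs at least a key type and a key")
    if not fields[0].startswith(KEY_TYPE_PREFIXES):
        # Backend supplied the host field (and possibly a marker): keep as is.
        return " ".join(fields)
    # Only key type and key were returned: prepend the host name.
    prefix = host_only(host) if only_host_name else host
    return " ".join([prefix] + fields)


# Constructed sample input; the key blob is a placeholder, not a real key.
KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER"
CALLER_HOST = "[canonical.host.name]:2222"

if __name__ == "__main__":
    for line, only in ((KEY, False), (KEY, True), (CALLER_HOST + " " + KEY, True)):
        print(known_hosts_line(line, CALLER_HOST, only_host_name=only))
```
.fi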
.SH "EXIT STATUS"
.PP
In case of successful execution, even if no key was found, 0 is returned\&. 1 is returned in case of error\&.
.SH "SEE ALSO"
.PP
\fBsssd\fR(8),
\fBsssd.conf\fR(5),
\fBsssd-ldap\fR(5),
\fBsssd-ldap-attributes\fR(5),
\fBsssd-krb5\fR(5),
\fBsssd-simple\fR(5),
\fBsssd-ipa\fR(5),
\fBsssd-ad\fR(5),
\fBsssd-files\fR(5),
\fBsssd-sudo\fR(5),
\fBsssd-session-recording\fR(5),
\fBsss_cache\fR(8),
\fBsss_debuglevel\fR(8),
\fBsss_obfuscate\fR(8),
\fBsss_seed\fR(8),
\fBsssd_krb5_locator_plugin\fR(8),
\fBsss_ssh_authorizedkeys\fR(1), \fBsss_ssh_knownhosts\fR(1),
\fBsssd-ifp\fR(5),
\fBpam_sss\fR(8),
\fBsss_rpcidmapd\fR(5)\&.
.SH "AUTHORS"
.PP
\fBThe SSSD upstream \- https://github\&.com/SSSD/sssd/\fR