hostkey collection
Currently, all hosts have to be online in order to collect host keys, because only then are the facts needed to assemble the ssh_known_hosts file available for every host. As a result, our ssh_known_hosts file tends to be very old and far from the current state.
There are several ideas on how to fix this:
- enable facts caching
- implement caching specifically for host keys
- implement a host key certificate authority and sign keys upon creation
Additionally, it should be easy for users (especially administrators) to obtain the most up-to-date keys for use on their own notebook.
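A sketch of the second idea, a cache specifically for host keys, added here as an example and not taken from the project's own code: keys collected from reachable hosts are merged into a persistent cache, offline hosts keep their cached entries, and any key that differs from the cached one is reported for review. The JSON cache layout, the function names and the sample key strings are assumptions made for illustration; how the keys are gathered from each host is left out.

```python
import json
from pathlib import Path


def merge_host_keys(cache, collected):
    """Merge keys collected from reachable hosts into the cache.

    Both arguments map hostname -> {key_type: base64_key}. Hosts absent
    from `collected` (offline during this run) keep their cached keys.
    Returns (merged, changed); `changed` lists (host, key_type) pairs whose
    key differs from the cached one, so a replaced key can be reviewed.
    """
    merged = {host: dict(keys) for host, keys in cache.items()}
    changed = []
    for host, keys in collected.items():
        known = merged.setdefault(host, {})
        for key_type, key in keys.items():
            if key_type in known and known[key_type] != key:
                changed.append((host, key_type))
            known[key_type] = key
    return merged, sorted(changed)


def render_known_hosts(cache):
    """Render the cache as ssh_known_hosts lines, sorted for stable diffs."""
    return "".join(
        f"{host} {key_type} {key}\n"
        for host in sorted(cache)
        for key_type, key in sorted(cache[host].items())
    )


def update(cache_path, collected):
    """Load the JSON cache, merge, save it, return (known_hosts_text, changed)."""
    path = Path(cache_path)
    cache = json.loads(path.read_text()) if path.exists() else {}
    merged, changed = merge_host_keys(cache, collected)
    path.write_text(json.dumps(merged, indent=2, sort_keys=True))
    return render_known_hosts(merged), changed


if __name__ == "__main__":
    # Constructed sample data: placeholder strings, not real keys.
    cached = {"db1": {"ssh-ed25519": "KEY-DB1"},
              "web1": {"ssh-ed25519": "KEY-WEB1-OLD"}}
    online = {"web1": {"ssh-ed25519": "KEY-WEB1-NEW"}}  # db1 is offline
    merged, changed = merge_host_keys(cached, online)
    print(render_known_hosts(merged), end="")
    print("changed:", changed)
```

Publishing the rendered file from the cache also gives administrators one place to fetch current keys, and the `changed` list is the point at which an unexpected key replacement would be noticed.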