Merge "bridge: Disable writing known_hosts files"

2022-12-01 22:54:43 +00:00 · 2022-12-01 22:54:43 +00:00 · 76fc51c3b0
commit 76fc51c3b0
parent 4d1ce65f01 24a1528fac
1 changed files with 9 additions and 0 deletions
--- a/playbooks/roles/add-inventory-known-hosts/tasks/main.yaml
+++ b/playbooks/roles/add-inventory-known-hosts/tasks/main.yaml
@ -29,3 +29,12 @@
    group: root
    mode: 0644
    create: yes
+
+# Disable writing out known_hosts globally on the bastion host.
+# Nothing on this host should be connecting to somewhere not codified
+# above; this prevents us possibly hiding that by caching values.
+- name: Disable known_hosts caching
+  lineinfile:
+    path: /etc/ssh/ssh_config
+    regexp: 'UserKnownHostsFile'
+    line: '    UserKnownHostsFile /dev/null'