Merge pull request #27726 from jfindlay/hashhosts

deprecate hash_hostname in favor of hash_known_hosts

salt/modules/ssh.py

@@ -663,16 +663,51 @@ def get_known_host(user, hostname, config=None, port=None):
 
 
 @decorators.which('ssh-keyscan')
-def recv_known_host(hostname, enc=None, port=None, hash_hostname=False):
+def recv_known_host(hostname,
+                    enc=None,
+                    port=None,
+                    hash_hostname=True,
+                    hash_known_hosts=True):
     '''
     Retrieve information about host public key from remote server
 
+    hostname
+        The name of the remote host (e.g. "github.com")
+
+    enc
+        Defines what type of key is being used, can be ed25519, ecdsa ssh-rsa
+        or ssh-dss
+
+    port
+        optional parameter, denoting the port of the remote host, which will be
+        used in case, if the public key will be requested from it. By default
+        the port 22 is used.
+
+    hash_hostname : True
+        Hash all hostnames and addresses in the known hosts file.
+
+        .. deprecated:: Carbon
+
+            Please use hash_known_hosts instead.
+
+    hash_known_hosts : True
+        Hash all hostnames and addresses in the known hosts file.
+
     CLI Example:
 
     .. code-block:: bash
 
         salt '*' ssh.recv_known_host <hostname> enc=<enc> port=<port>
     '''
+
+    if not hash_hostname:
+        salt.utils.warn_until(
+            'Carbon',
+            'The hash_hostname parameter is misleading as ssh-keygen can only '
+            'hash the whole known hosts file, not entries for individual'
+            'hosts. Please use hash_known_hosts=False instead.')
+        hash_known_hosts = hash_hostname
+
     # The following list of OSes have an old version of openssh-clients
     # and thus require the '-t' option for ssh-keyscan
     need_dash_t = ['CentOS-5']
@@ -684,7 +719,7 @@ def recv_known_host(hostname, enc=None, port=None, hash_hostname=False):
         chunks += ['-t', str(enc)]
     if not enc and __grains__.get('osfinger') in need_dash_t:
         chunks += ['-t', 'rsa']
-    if hash_hostname:
+    if hash_known_hosts:
         chunks.append('-H')
     chunks.append(str(hostname))
     cmd = ' '.join(chunks)
@@ -832,11 +867,6 @@ def set_known_host(user=None,
         return {'status': 'error',
                 'error': 'hostname argument required'}
 
-    if port is not None and port != DEFAULT_SSH_PORT and hash_hostname:
-        return {'status': 'error',
-                'error': 'argument port can not be used in '
-                'conjunction with argument hash_hostname'}
-
     if not hash_hostname:
         salt.utils.warn_until(
             'Carbon',
@@ -845,6 +875,11 @@ def set_known_host(user=None,
             'hosts. Please use hash_known_hosts=False instead.')
         hash_known_hosts = hash_hostname
 
+    if port is not None and port != DEFAULT_SSH_PORT and hash_known_hosts:
+        return {'status': 'error',
+                'error': 'argument port can not be used in '
+                'conjunction with argument hash_known_hosts'}
+
     update_required = False
     stored_host = get_known_host(user, hostname, config, port)
 
@@ -862,7 +897,7 @@ def set_known_host(user=None,
         remote_host = recv_known_host(hostname,
                                       enc=enc,
                                       port=port,
-                                      hash_hostname=hash_hostname)
+                                      hash_known_hosts=hash_known_hosts)
         if not remote_host:
             return {'status': 'error',
                     'error': 'Unable to receive remote host key'}
@@ -884,7 +919,7 @@ def set_known_host(user=None,
     if key:
         remote_host = {'hostname': hostname, 'enc': enc, 'key': key}
 
-    if hash_hostname or port == DEFAULT_SSH_PORT:
+    if hash_known_hosts or port == DEFAULT_SSH_PORT:
         line = '{hostname} {enc} {key}\n'.format(**remote_host)
     else:
         remote_host['port'] = port