DragonFly On-Line Manual Pages

Search: Section:  

KNIFE-SSL-CHECK(1)              knife ssl check             KNIFE-SSL-CHECK(1)


NAME

       knife-ssl-check - The man page for the knife ssl check subcommand.

       The knife ssl check subcommand is used to verify the SSL configuration
       for the Enterprise Chef and/or Open Source Chef servers, or at another
       location specified by a URL or URI.

       WARNING:
          When verification of a remote server's SSL certificate is disabled,
          the chef-client will issue a warning similar to "SSL validation of
          HTTPS requests is disabled. HTTPS connections are still encrypted,
          but the chef-client is not able to detect forged replies or
          man-in-the-middle attacks." To configure SSL for the chef-client,
          set ssl_verify_mode to :verify_peer (recommended) or verify_api_cert
          to true in the client.rb file.

       Syntax

       This subcommand has the following syntax:

          $ knife ssl check URI

       Options

       This subcommand has the following options:

       -a SSH_ATTR, --attribute SSH_ATTR
              The attribute that is used when opening the SSH connection. The
              default attribute is the FQDN of the host. Other possible values
              include a public IP address, a private IP address, or a
              hostname.

       -A, --forward-agent
              Use to enable SSH agent forwarding.

       -c CONFIG_FILE, --config CONFIG_FILE
              The configuration file to use.

       -C NUM, --concurrency NUM
              The number of allowed concurrent connections.

       --chef-zero-port PORT
              The port on which chef-zero will listen.

       --[no-]color
              Use to view colored output.

       -d, --disable-editing
              Use to prevent the $EDITOR from being opened and to accept data
              as-is.

       --defaults
              Use to have Knife use the default value instead of asking a user
              to provide one.

       -e EDITOR, --editor EDITOR
              The $EDITOR that is used for all interactive commands.

       -E ENVIRONMENT, --environment ENVIRONMENT
              The name of the environment. When this option is added to a
              command, the command will run only against the named
              environment.

       -F FORMAT, --format FORMAT
              The output format: summary (default), text, json, yaml, and pp.

       -G GATEWAY, --ssh-gateway GATEWAY
              The SSH tunnel or gateway that is used to run a bootstrap action
              on a machine that is not accessible from the workstation.

       -h, --help
              Shows help for the command.

       -i IDENTITY_FILE, --identity-file IDENTIFY_FILE
              The SSH identity file used for authentication. Key-based
              authentication is recommended.

       -k KEY, --key KEY
              The private key that Knife will use to sign requests made by the
              API client to the Chef server.

       -m, --manual-list
              Use to define a search query as a space-separated list of
              servers. If there is more than one item in the list, put quotes
              around the entire list. For example: --manual-list "server01
              server 02 server 03"

       --[no-]host-key-verify
              Use --no-host-key-verify to disable host key verification.
              Default setting: --host-key-verify.

       OTHER  The shell type. Possible values: interactive, screen, tmux,
              macterm, or cssh. (csshx is deprecated in favor of cssh.)

       -p PORT, --ssh-port PORT
              The SSH port.

       -P PASSWORD, --ssh-password PASSWORD
              The SSH password. This can be used to pass the password directly
              on the command line. If this option is not specified (and a
              password is required) Knife will prompt for the password.

       --print-after
              Use to show data after a destructive operation.

       -s URL, --server-url URL
              The URL for the Chef server.

       SEARCH_QUERY
              The search query used to return a list of servers to be accessed
              using SSH and the specified SSH_COMMAND. This option uses the
              same syntax as the search sub-command.

       SSH_COMMAND
              The command that will be run against the results of a search
              query.

       -u USER, --user USER
              The user name used by Knife to sign requests made by the API
              client to the Chef server. Authentication will fail if the user
              name does not match the private key.

       -v, --version
              The version of the chef-client.

       -V, --verbose
              Set for more verbose outputs. Use -VV for maximum verbosity.

       -x USER_NAME, --ssh-user USER_NAME
              The SSH user name.

       -y, --yes
              Use to respond to all confirmation prompts with "Yes". Knife
              will not ask for confirmation.

       -z, --local-mode
              Use to run the chef-client in local mode. This allows all
              commands that work against the Chef server to also work against
              the local chef-repo.

       Examples

       The following examples show how to use this Knife subcommand:

       Verify the SSL configuration for the Chef server

          $ knife ssl check

       Verify the SSL configuration for the chef-client

          $ knife ssl check -c /etc/chef/client.rb

       Verify an external server's SSL certificate

          $ knife ssl check URL_or_URI

       for example:

          $ knife ssl check https://www.getchef.com


AUTHOR

       Chef

                                  Chef 11.14                KNIFE-SSL-CHECK(1)

Search: Section: