Skip to content

Latest commit

 

History

History
61 lines (41 loc) · 2.37 KB

README.md

File metadata and controls

61 lines (41 loc) · 2.37 KB

sshauthkeys

sshauthkeys is a simple and lightweight wrapper for puppet's ssh_authorized_key. While "ssh_authorized_key" by default is not able to enroll the same key for different users (without tweaking), sshauthkeys allows you to easily add one ssh auth key to multiple login users and keep your configution clean.

Installation

Put the project in your puppet's modules directory and make sure it's named "sshauthkeys". E.g.:

$ cd /etc/puppet/modules
$ git clone git://github.com/damokles/puppet-sshauthkeys.git sshauthkeys

Usage

sshauthkeys is a simple define based wrapper. It expects a nested hashmap named "$ssh_keys" containing your ssh keys (see example below). Each key needs an identifier (an email address is fine), a type (ssh-rsa/ssh-dsa) and the key itself (without the comment part).

sshauthkeys defines the key(s) for a user. You can call it with the name of single key or with an array containing multiple key identifiers.

# declare ssh keys in nested hashmap for later usage
$ssh_keys = {
        "[email protected]" => {
                "type" => "ssh-rsa",
                "key" => "key-content", },
        "[email protected]" => {
                "type" => "ssh-dsa",
                "key" => "key-content", },
        "[email protected]" => {
                "type" => "ssh-dsa",
                "key" => "key-content", },
}

# just enroll one key for root user
sshauthkeys{ root: keys => '[email protected]' }

# enroll multiple keys for a user
sshauthkeys{ user: keys => [ '[email protected]','[email protected]'] }

# if you want to reuse a team, make it an array for multiple defines 
$team = [ '[email protected]', '[email protected]' ]
sshauthkeys{ user2: keys => $team }
sshauthkeys{ user3: keys => $team }

Please note: sshauthkeys is define based so you can only call "sshauthkeys" for a user exactly once. If you want to enroll multiple keys for one user you have to put them in an array to make sure you only need one sshauthkeys call.

Todo

There is already support for "absent" keys by calling sshauthkeys like

    sshauthkeys{ root: keys => '[email protected]', ensure: 'absent' }

Currently you cannot mix absent and present keys besides not being able to call sshauthkeys more than one time for a user - so this feature is quite useless yet.

Author

sshauthkeys is developed and maintained by Caspar Clemens Mierau [email protected]