forked from ungleich-public/cdist
ffd2935cc4
- add support for authorized_keys options see sshd(8) - add support for explicit comment after key - do not allow a key to exist more then once in an authorized_keys file - remove all conflicting keys Signed-off-by: Steven Armstrong <steven@icarus.ethz.ch>
117 lines
3.3 KiB
Text
117 lines
3.3 KiB
Text
cdist-type__ssh_authorized_keys(7)
|
|
==================================
|
|
Steven Armstrong <steven-cdist--@--armstrong.cc>
|
|
|
|
|
|
NAME
|
|
----
|
|
cdist-type__ssh_authorized_keys - manage ssh authorized_keys files
|
|
|
|
|
|
DESCRIPTION
|
|
-----------
|
|
Adds or removes ssh keys from a authorized_keys file.
|
|
|
|
This type uses the __ssh_dot_ssh type to manage the directory containing
|
|
the authorized_keys file. You can disable this feature with the --noparent
|
|
boolean parameter.
|
|
|
|
The existence, ownership and permissions of the authorized_keys file itself are
|
|
also managed. This can be disabled with the --nofile boolean parameter. It is
|
|
then left to the user to ensure that the file exists and that ownership and
|
|
permissions work with ssh.
|
|
|
|
|
|
REQUIRED PARAMETERS
|
|
-------------------
|
|
key::
|
|
the ssh key which shall be added to this authorized_keys file.
|
|
Must be a string and can be specified multiple times.
|
|
|
|
|
|
OPTIONAL PARAMETERS
|
|
-------------------
|
|
comment::
|
|
explicit comment instead of the one which may be trailing the given key
|
|
|
|
file::
|
|
an alternative destination file, defaults to ~$owner/.ssh/authorized_keys
|
|
|
|
option::
|
|
an option to set for all created authorized_key entries.
|
|
Can be specified multiple times.
|
|
See sshd(8) for available options.
|
|
|
|
owner::
|
|
the user owning the authorized_keys file, defaults to object_id.
|
|
|
|
state::
|
|
if the given keys should be 'present' or 'absent', defaults to 'present'.
|
|
|
|
|
|
BOOLEAN PARAMETERS
|
|
------------------
|
|
noparent::
|
|
don't create or change ownership and permissions of the directory containing
|
|
the authorized_keys file
|
|
|
|
nofile::
|
|
don't manage existence, ownership and permissions of the the authorized_keys
|
|
file
|
|
|
|
|
|
EXAMPLES
|
|
--------
|
|
|
|
--------------------------------------------------------------------------------
|
|
# add your ssh key to remote root's authorized_keys file
|
|
__ssh_authorized_keys root \
|
|
--key "$(cat ~/.ssh/id_rsa.pub)"
|
|
|
|
# allow key to login as user-name
|
|
__ssh_authorized_keys user-name \
|
|
--key "ssh-rsa AXYZAAB3NzaC1yc2..."
|
|
|
|
# allow key to login as user-name with options and expicit comment
|
|
__ssh_authorized_keys user-name \
|
|
--key "ssh-rsa AXYZAAB3NzaC1yc2..." \
|
|
--option no-agent-forwarding \
|
|
--option 'from="*.example.com"' \
|
|
--comment 'backup server'
|
|
|
|
# same as above, but with explicit owner and two keys
|
|
# note that the options are set for all given keys
|
|
__ssh_authorized_keys some-fancy-id \
|
|
--owner user-name \
|
|
--key "ssh-rsa AXYZAAB3NzaC1yc2..." \
|
|
--key "ssh-rsa AZXYAAB3NzaC1yc2..." \
|
|
--option no-agent-forwarding \
|
|
--option 'from="*.example.com"' \
|
|
--comment 'backup server'
|
|
|
|
# authorized_keys file in non standard location
|
|
__ssh_authorized_keys some-fancy-id \
|
|
--file /etc/ssh/keys/user-name/authorized_keys \
|
|
--owner user-name \
|
|
--key "ssh-rsa AXYZAAB3NzaC1yc2..."
|
|
|
|
# same as above, but directory and authorized_keys file is created elswhere
|
|
__ssh_authorized_keys some-fancy-id \
|
|
--file /etc/ssh/keys/user-name/authorized_keys \
|
|
--owner user-name \
|
|
--noparent \
|
|
--nofile \
|
|
--key "ssh-rsa AXYZAAB3NzaC1yc2..."
|
|
--------------------------------------------------------------------------------
|
|
|
|
|
|
SEE ALSO
|
|
--------
|
|
- cdist-type(7)
|
|
- sshd(8)
|
|
|
|
|
|
COPYING
|
|
-------
|
|
Copyright \(C) 2012-2014 Steven Armstrong. Free use of this software is
|
|
granted under the terms of the GNU General Public License version 3 (GPLv3).
|