cdist-web/src/extra/manual/3.0.6/man7/cdist-type__ssh_authorized_keys.html

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>cdist-type__ssh_authorized_keys(7)</title><link rel="stylesheet" type="text/css" href="docbook-xsl.css" /><meta name="generator" content="DocBook XSL Stylesheets V1.78.1" /></head><body><div xml:lang="en" class="article" lang="en"><div class="titlepage"><div><div><h2 class="title"><a id="idm140077855606480"></a>cdist-type__ssh_authorized_keys(7)</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Steven</span> <span class="surname">Armstrong</span></h3><code class="email">&lt;<a class="email" href="mailto:steven-cdist--@--armstrong.cc">steven-cdist--@--armstrong.cc</a>&gt;</code></div></div></div><hr /></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="section"><a href="#_name">1. NAME</a></span></dt><dt><span class="section"><a href="#_description">2. DESCRIPTION</a></span></dt><dt><span class="section"><a href="#_required_parameters">3. REQUIRED PARAMETERS</a></span></dt><dt><span class="section"><a href="#_optional_parameters">4. OPTIONAL PARAMETERS</a></span></dt><dt><span class="section"><a href="#_boolean_parameters">5. BOOLEAN PARAMETERS</a></span></dt><dt><span class="section"><a href="#_examples">6. EXAMPLES</a></span></dt><dt><span class="section"><a href="#_see_also">7. SEE ALSO</a></span></dt><dt><span class="section"><a href="#_copying">8. COPYING</a></span></dt></dl></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="_name"></a>1. NAME</h2></div></div></div><p>cdist-type__ssh_authorized_keys - manage ssh authorized_keys files</p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="_description"></a>2. DESCRIPTION</h2></div></div></div><p>Adds or removes ssh keys from a authorized_keys file.</p><p>This type also manages the directory containing the authorized_keys
file and sets strict ownership and permissions. You can disable this feature
with the --noparent boolean parameter.</p><p>The existence, ownership and permissions of the authorized_keys file itself are
also managed. This can be disabled with the --nofile boolean parameter. It is
then left to the user to ensure that the file exists and that ownership and
permissions work with ssh.</p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="_required_parameters"></a>3. REQUIRED PARAMETERS</h2></div></div></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">
key
</span></dt><dd>
   the ssh key which shall be added to this authorized_keys file.
   Must be a string and can be specified multiple times.
</dd></dl></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="_optional_parameters"></a>4. OPTIONAL PARAMETERS</h2></div></div></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">
owner
</span></dt><dd>
   the user owning the authorized_keys file, defaults to object_id.
</dd><dt><span class="term">
state
</span></dt><dd>
   if the given keys should be <span class="emphasis"><em>present</em></span> or <span class="emphasis"><em>absent</em></span>, defaults to <span class="emphasis"><em>present</em></span>.
</dd><dt><span class="term">
file
</span></dt><dd>
   an alternative destination file, defaults to ~$owner/.ssh/authorized_keys
</dd><dt><span class="term">
comment
</span></dt><dd>
   an optional comment
</dd></dl></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="_boolean_parameters"></a>5. BOOLEAN PARAMETERS</h2></div></div></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">
noparent
</span></dt><dd>
   don’t create or change ownership and permissions of the directory containing
   the authorized_keys file
</dd><dt><span class="term">
nofile
</span></dt><dd>
   don’t manage existence, ownership and permissions of the the authorized_keys
   file
</dd></dl></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="_examples"></a>6. EXAMPLES</h2></div></div></div><pre class="screen"># add your ssh key to remote root's authorized_keys file
__ssh_authorized_keys root \
   --key "$(cat ~/.ssh/id_rsa.pub)"

# allow key to login as user-name
__ssh_authorized_keys user-name \
   --key "ssh-rsa AXYZAAB3NzaC1yc2..."

# same as above, but with explicit owner, two keys and a comment
__ssh_authorized_keys some-fancy-id \
   --owner user-name \
   --key "ssh-rsa AXYZAAB3NzaC1yc2..." \
   --key "ssh-rsa AZXYAAB3NzaC1yc2..." \
   --comment "allow the members of project foo to login"

# same as above, but authorized_keys file in non standard location
__ssh_authorized_keys some-fancy-id \
   --file /etc/ssh/keys/user-name/authorized_keys \
   --owner user-name \
   --key "ssh-rsa AXYZAAB3NzaC1yc2..."

# same as above, but directory and authorized_keys file is created elswhere
__ssh_authorized_keys some-fancy-id \
   --file /etc/ssh/keys/user-name/authorized_keys \
   --owner user-name \
   --noparent \
   --nofile \
   --key "ssh-rsa AXYZAAB3NzaC1yc2..."</pre></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="_see_also"></a>7. SEE ALSO</h2></div></div></div><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
cdist-type(7)
</li></ul></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="_copying"></a>8. COPYING</h2></div></div></div><p>Copyright (C) 2012 Steven Armstrong. Free use of this software is
granted under the terms of the GNU General Public License version 3 (GPLv3).</p></div></div></body></html>