cdist-type__ssh_authorized_keys - Manage ssh authorized_keys files

Steven Armstrong <steven-cdist--@--armstrong.cc>

noparent Don't create or change ownership and permissions of the directory containing the authorized_keys file. nofile Don't manage existence, ownership and permissions of the the authorized_keys file. remove-unknown Remove undefined keys.

Copyright (C) 2012-2014 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

ungleich GmbH 2021 7.0.0 Sep 11, 2024 CDIST-TYPE__SSH_AUTHORIZED_KEYS(7)

Adds or removes ssh keys from a authorized_keys file. This type uses the __ssh_dot_ssh type to manage the directory containing the authorized_keys file. You can disable this feature with the --noparent boolean parameter. The existence, ownership and permissions of the authorized_keys file itself are also managed. This can be disabled with the --nofile boolean parameter. It is then left to the user to ensure that the file exists and that ownership and permissions work with ssh.

# add your ssh key to remote root's authorized_keys file __ssh_authorized_keys root \ --key "$(cat ~/.ssh/id_rsa.pub)" # same as above, but make sure your key is only key in # root's authorized_keys file __ssh_authorized_keys root \ --key "$(cat ~/.ssh/id_rsa.pub)" \ --remove-unknown # allow key to login as user-name __ssh_authorized_keys user-name \ --key "ssh-rsa AXYZAAB3NzaC1yc2..." # allow key to login as user-name with options and expicit comment __ssh_authorized_keys user-name \ --key "ssh-rsa AXYZAAB3NzaC1yc2..." \ --option no-agent-forwarding \ --option 'from="*.example.com"' \ --comment 'backup server' # same as above, but with explicit owner and two keys # note that the options are set for all given keys __ssh_authorized_keys some-fancy-id \ --owner user-name \ --key "ssh-rsa AXYZAAB3NzaC1yc2..." \ --key "ssh-rsa AZXYAAB3NzaC1yc2..." \ --option no-agent-forwarding \ --option 'from="*.example.com"' \ --comment 'backup server' # authorized_keys file in non standard location __ssh_authorized_keys some-fancy-id \ --file /etc/ssh/keys/user-name/authorized_keys \ --owner user-name \ --key "ssh-rsa AXYZAAB3NzaC1yc2..." # same as above, but directory and authorized_keys file is created elswhere __ssh_authorized_keys some-fancy-id \ --file /etc/ssh/keys/user-name/authorized_keys \ --owner user-name \ --noparent \ --nofile \ --key "ssh-rsa AXYZAAB3NzaC1yc2..."

cdist-type__ssh_authorized_keys - Manage ssh authorized_keys files

comment Use this comment instead of the one which may be trailing in each key. file An alternative destination file, defaults to ~$owner/.ssh/authorized_keys. option An option to set for all authorized_key entries in the key parameter. Can be specified multiple times. See sshd(8) for available options. owner The user owning the authorized_keys file, defaults to object_id. state If the given keys should be 'present' or 'absent', defaults to 'present'.

key An ssh key which shall be managed in this authorized_keys file. Must be a string containing the ssh keytype, base 64 encoded key and optional trailing comment which shall be added to the given authorized_keys file. Can be specified multiple times.

sshd(8)