1 |
sshkeys puppet module |
2 |
===================== |
3 |
|
4 |
The sshkeys puppet module allow the creation and installation of ssh keys. |
5 |
|
6 |
|
7 |
How it works |
8 |
============ |
9 |
|
10 |
With the sshkeys module, you define a key that will be generated on the |
11 |
puppet master. You define where this key should be installed, for the |
12 |
client key pair, and for the authorized_keys. |
13 |
|
14 |
When the key has not been generated yet, you may need to run puppet |
15 |
twice. The key will be generated on the first run, and installed on the |
16 |
second run. |
17 |
|
18 |
|
19 |
Usage |
20 |
===== |
21 |
|
22 |
In order to tell which node will generate the keys, you need to include |
23 |
the `sshkeys::keymaster` class on the puppet master node:: |
24 |
|
25 |
include sshkeys::keymaster |
26 |
|
27 |
Before installing the key, we need to create it. This is done with the |
28 |
`create_key` ressource, on the puppet master node. We can create the key |
29 |
`key1`:: |
30 |
|
31 |
sshkeys::create_key{key1: } |
32 |
|
33 |
If we want to install the `key1` key pair for user `user1`, we can use |
34 |
the `set_client_key_pair` ressource:: |
35 |
|
36 |
sshkeys::set_client_key_pair{'key1-for-user1': |
37 |
keyname => 'key1', |
38 |
home => '/home/user1', |
39 |
user => 'user1', |
40 |
} |
41 |
|
42 |
The `key1` private and public keys should now be installed for user |
43 |
`user1` on the node on which we created this ressource. |
44 |
|
45 |
If we want to allow the key `key1` to connect to the `user2` account, |
46 |
we use the `set_authorized_keys` ressource:: |
47 |
|
48 |
sshkeys::set_authorized_keys{'key1-to-user2': |
49 |
keyname => 'key1', |
50 |
user => 'user2', |
51 |
home => '/home/user2', |
52 |
} |
53 |
|
54 |
Now, `user1` should have the `key1` key pair installed on his account, |
55 |
and be able to login to the `user2` account. |
56 |
|
57 |
|
58 |
License |
59 |
======= |
60 |
|
61 |
This module is released under the GNU General Public License version 3: |
62 |
http://www.gnu.org/licenses/gpl-3.0.txt |
63 |
|
64 |
|
65 |
Authors |
66 |
======= |
67 |
|
68 |
The sshkeys module is based on the ssh::auth module written by |
69 |
Andrew E. Schulman <andrex at alumni dot utexas dot net>. |
70 |
|
71 |
The original ssh::auth module is available at this URL : |
72 |
http://projects.puppetlabs.com/projects/1/wiki/Module_Ssh_Auth_Patterns |
73 |
|