jtopjian-sshkeys

Release 2.1.0

Module to manage SSH public keys as facter facts

Repository Puppet Puppet Download

Keywords
ssh, puppetdb
License
Apache-2.0
Install
puppet module install jtopjian-sshkeys --version 2.1.0

Documentation

sshkeys puppet module

The sshkeys puppet module creates, shares, and installs SSH keys.

Important!

This module recently went through a large change and is not compatible with previous versions.

You can access the old version in the v1 branch or the 1.0.0 tag.

How it works

This module contains two facts:

sshpubkey_

This fact publishes all default SSH keys for all users found in /etc/passwd.

By using PuppetDB, all keys are then recorded in the database. Other nodes (and tools) are then able to query PuppetDB and obtain the public key for the user.

home_

This fact publishes the homedir for all users found in /etc/passwd. This fact is used to help locate a certain user's home directory.

In addition to those two facts, an optional third fact can be created:

$ cat /etc/facter/facts.d/homedir_users.yaml
---
homedir_users:
  - root
  - jdoe

If this fact exists, then only the users specified will have their home directory and ssh public key exported via facter. This is useful in cases where /home is automounted and parsing all users will mount all home directories. It's also useful if you just don't want everyone's public key exported.

Limitations

  • Only the default id_rsa or id_dsa public key is shared -- this module is unable to handle multiple keys at this time.
  • Users are expected to be managed outside of this module.

Usage

Create a SSH key for a user (this is optional):

sshkeys::create_ssh_key { 'root':
  ssh_keytype => 'dsa',
}

The default bit lengths are 2048 for rsa and 1024 for dsa. To override the defaults, use the ssh_bitlength parameter.

Once created, Facter will expose the public key via the fact sshpubkey_root.

To allow root@server1 to access root@server2:

sshkeys::set_authorized_key { 'root@server1 to root@server2':
  local_user  => 'root',
  remote_user => 'root@server1',
}

Now, root@server2 will have root@server1's public key added to its ~/.ssh/authorized_keys file thus allowing root@server1 to log into server2 as root without a password.

Dependencies

This module requires:

Credits

This module was lightly based off of Boklm's module. I used this module frequently before changing to a PuppetDB/Facter-based solution. Some of the code was used in my version.

Stats

Dependencies
2
Dependent packages
6
Dependent repositories
0
Total releases
4
Latest release
First release
Stars
9
Forks
19
Watchers
2
Contributors
8
Repository size
45.9 KB
SourceRank
12

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

2.1.0
2.0.1
1.0.0
0.5.0

Contributors

Joe Topjian esalberg Alex Crowe Luc Henninot Francois Laupretre Cillier Burger Lienhart Woitok Adam Ryczkowski


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2017-09-12 18:09:06 UTC

Login to resync this project