16.135. cdist-type__ssh_authorized_keys(7)¶
16.135.1. NAME¶
cdist-type__ssh_authorized_keys - Manage ssh authorized_keys files
16.135.2. DESCRIPTION¶
Adds or removes ssh keys from a authorized_keys file.
This type uses the __ssh_dot_ssh type to manage the directory containing the authorized_keys file. You can disable this feature with the --noparent boolean parameter.
The existence, ownership and permissions of the authorized_keys file itself are also managed. This can be disabled with the --nofile boolean parameter. It is then left to the user to ensure that the file exists and that ownership and permissions work with ssh.
16.135.3. REQUIRED PARAMETERS¶
- key
- the ssh key which shall be added to this authorized_keys file. Must be a string and can be specified multiple times.
16.135.4. OPTIONAL PARAMETERS¶
- comment
- explicit comment instead of the one which may be trailing the given key
- file
- an alternative destination file, defaults to ~$owner/.ssh/authorized_keys
- option
- an option to set for all created authorized_key entries. Can be specified multiple times. See sshd(8) for available options.
- owner
- the user owning the authorized_keys file, defaults to object_id.
- state
- if the given keys should be 'present' or 'absent', defaults to 'present'.
16.135.5. BOOLEAN PARAMETERS¶
- noparent
- don't create or change ownership and permissions of the directory containing the authorized_keys file
- nofile
- don't manage existence, ownership and permissions of the the authorized_keys file
16.135.6. EXAMPLES¶
# add your ssh key to remote root's authorized_keys file
__ssh_authorized_keys root \
--key "$(cat ~/.ssh/id_rsa.pub)"
# allow key to login as user-name
__ssh_authorized_keys user-name \
--key "ssh-rsa AXYZAAB3NzaC1yc2..."
# allow key to login as user-name with options and expicit comment
__ssh_authorized_keys user-name \
--key "ssh-rsa AXYZAAB3NzaC1yc2..." \
--option no-agent-forwarding \
--option 'from="*.example.com"' \
--comment 'backup server'
# same as above, but with explicit owner and two keys
# note that the options are set for all given keys
__ssh_authorized_keys some-fancy-id \
--owner user-name \
--key "ssh-rsa AXYZAAB3NzaC1yc2..." \
--key "ssh-rsa AZXYAAB3NzaC1yc2..." \
--option no-agent-forwarding \
--option 'from="*.example.com"' \
--comment 'backup server'
# authorized_keys file in non standard location
__ssh_authorized_keys some-fancy-id \
--file /etc/ssh/keys/user-name/authorized_keys \
--owner user-name \
--key "ssh-rsa AXYZAAB3NzaC1yc2..."
# same as above, but directory and authorized_keys file is created elswhere
__ssh_authorized_keys some-fancy-id \
--file /etc/ssh/keys/user-name/authorized_keys \
--owner user-name \
--noparent \
--nofile \
--key "ssh-rsa AXYZAAB3NzaC1yc2..."
16.135.7. SEE ALSO¶
sshd(8)
16.135.8. AUTHORS¶
Steven Armstrong <steven-cdist--@--armstrong.cc>
16.135.9. COPYING¶
Copyright (C) 2012-2014 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.