Forge Home

user_ssh_pubkey

Generate user SSH keys on nodes and make public keys available as facts.

13,253 downloads

7,134 latest version

3.7 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

  1. Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
  2. Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

  • 1.0.0 (latest)
  • 0.2.2
  • 0.2.1
  • 0.2.0
  • 0.1.0
released Oct 24th 2016
This version is compatible with:
  • Puppet Enterprise 3.x
  • Puppet >=3.0.0 <5.0.0
  • , , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'wcooley-user_ssh_pubkey', '1.0.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add wcooley-user_ssh_pubkey
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install wcooley-user_ssh_pubkey --version 1.0.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

wcooley/user_ssh_pubkey — version 1.0.0 Oct 24th 2016

Puppet module: user_ssh_pubkey

Build
Status

Generate user SSH keys on nodes and make public keys available as facts. These facts can then be collected as exported resources to populate ssh_authorized_key resources.

Note that, with this workflow, the agent will have to run twice before the keys are available -- facts are collected before resources are created, so the first time through the keypair will be generated and the second time the public key will be available as a fact.

Note, that, also populating the user_ssh_pubkey external fact is (currently) unimplemented.

Facts

Facts with the following formats are created, which correspond with the parameters for the ssh_authorized_key type:

  • <username>_ssh(rsa|dsa|ecdsa|ed25519)key
  • <username>_ssh(rsa|dsa|ecdsa|ed25519)key_comment
  • <username>_ssh(rsa|dsa|ecdsa|ed25519)key_type

The list of users whose public keys are to be collected as facts is configured by the user_ssh_pubkey fact, which can be set using external facts. For example:

$ cat /etc/facter/facts.d/user_ssh_pubkey.yaml
---
user_ssh_pubkey: jensenb,alice,bob

Type

Type user_ssh_pubkey can be used to generate DSA or RSA keys on nodes. Parameters are consistent with parameters for ssh_authorized_key where possible.

Currently this is implemented as a Puppet defined type, which results in an exec type which runs ssh-keygen.

Keys are generated with null passphrases.

Parameters

  • name The SSH key comment. Ideally this would be something like "$user/ssh-$type@$::fqdn"; if so, the user and type parameters can be left unspecified.

  • user namevar The user in whose home directory to create the key.

  • target The absolute filename base to store the private and public keys in. This parameter should generally be avoided, as it breaks the facts.

  • type The key type: "dsa", "rsa", "ecdsa", "ed25519". Note that semantics of this parameter are different from the *_type fact and "type" parameter for ssh_authorized_key.

  • user The user account in which the SSH key should be generated.

  • bits The number of bits in the key. See ssh-keygen(1) for limits.

Example

For the source or client node, generate an SSH key, collect the fact and create an exported ssh_authorized_key resource:

user_ssh_pubkey { "repocloner/ssh-rsa@${::fqdn}": }

file { '/etc/facter/facts.d/user_ssh_pubkey.txt':
  ensure  => present,
  content => "user_ssh_pubkey=repocloner\n",
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
}

if $::repocloner_sshrsakey {
  @@ssh_authorized_key { $::repocloner_sshrsakey_comment:
    ensure => present,
    key    => $::repocloner_sshrsakey,
    user   => 'repocloner',
    type   => $::repocloner_sshrsakey_type,
    tag    => [ 'repocloner-ssh-key' ],
  }
}

If the client node's name is used in the name (comment) of the user_ssh_pubkey, then exported resources from multiple client nodes can be generated.

For the target or server node, collect the exported resource:

Ssh_authorized_key <<| tag == 'repocloner-ssh-key' |>>

One could also use user parameter instead of a tag for selecting the exported resources instead of a tag.

License

Apache 2.0

Contact

Wil Cooley <wcooley(at)nakedape.cc>

Support

Please log tickets and issues at our Github issues.