CDIST-TYPE__SSH_AUTHORIZED_KEYS(7)   cdist  CDIST-TYPE__SSH_AUTHORIZED_KEYS(7)

NAME

       cdist-type__ssh_authorized_keys - Manage ssh authorized_keys files

DESCRIPTION

       Adds or removes ssh keys from an authorized_keys file.

       This type uses the __ssh_dot_ssh type to manage the directory containing
       the authorized_keys file. You can disable this feature with the
       --noparent boolean parameter.

       The existence, ownership and permissions of the authorized_keys file
       itself are also managed. This can be disabled with the --nofile boolean
       parameter. It is then left to the user to ensure that the file exists
       and that ownership and permissions work with ssh.

REQUIRED MULTIPLE PARAMETERS

       key    An ssh key which shall be managed in this authorized_keys file.
              Must be a string containing the ssh keytype, base 64 encoded key
              and optional trailing comment which shall be added to the given
              authorized_keys file. Can be specified multiple times.

OPTIONAL PARAMETERS

       comment
              Use this comment instead of the one which may be trailing in
              each key.

       file   An alternative destination file, defaults to
              ~$owner/.ssh/authorized_keys.

       option An option to set for all authorized_key entries in the key
              parameter. Can be specified multiple times. See sshd(8) for
              available options.

       owner  The user owning the authorized_keys file, defaults to object_id.

       state  If the given keys should be 'present' or 'absent', defaults to
              'present'.

BOOLEAN PARAMETERS

       noparent
              Don't create or change ownership and permissions of the
              directory containing the authorized_keys file.

       nofile Don't manage existence, ownership and permissions of the
              authorized_keys file.

       remove-unknown
              Remove undefined keys.

EXAMPLES

          # add your ssh key to remote root's authorized_keys file
          __ssh_authorized_keys root \
             --key "$(cat ~/.ssh/id_rsa.pub)"

          # same as above, but make sure your key is the only key in
          # root's authorized_keys file
          __ssh_authorized_keys root \
             --key "$(cat ~/.ssh/id_rsa.pub)" \
             --remove-unknown

          # allow key to login as user-name
          __ssh_authorized_keys user-name \
             --key "ssh-rsa AXYZAAB3NzaC1yc2..."

          # allow key to login as user-name with options and explicit comment
          __ssh_authorized_keys user-name \
             --key "ssh-rsa AXYZAAB3NzaC1yc2..." \
             --option no-agent-forwarding \
             --option 'from="*.example.com"' \
             --comment 'backup server'

          # same as above, but with explicit owner and two keys
          # note that the options are set for all given keys
          __ssh_authorized_keys some-fancy-id \
             --owner user-name \
             --key "ssh-rsa AXYZAAB3NzaC1yc2..." \
             --key "ssh-rsa AZXYAAB3NzaC1yc2..." \
             --option no-agent-forwarding \
             --option 'from="*.example.com"' \
             --comment 'backup server'

          # authorized_keys file in non standard location
          __ssh_authorized_keys some-fancy-id \
             --file /etc/ssh/keys/user-name/authorized_keys \
             --owner user-name \
             --key "ssh-rsa AXYZAAB3NzaC1yc2..."

          # same as above, but directory and authorized_keys file are created elsewhere
          __ssh_authorized_keys some-fancy-id \
             --file /etc/ssh/keys/user-name/authorized_keys \
             --owner user-name \
             --noparent \
             --nofile \
             --key "ssh-rsa AXYZAAB3NzaC1yc2..."
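
       With remove-unknown, keys that are not declared via --key are removed,
       so it is worth listing which entries of an existing file fall outside
       the declared set before enabling it. The script below is an added
       example, not part of cdist: unknown_keys, demo and the sample file
       contents are hypothetical, and matching entries on key type plus
       base64 blob is an assumption; cdist's own comparison may differ.

```shell
#!/bin/sh
# Added example (not cdist code): list authorized_keys entries that are not
# in a declared key set, as a dry run before enabling --remove-unknown.
# Assumption: entries match on key type + base64 blob; options and comments
# are ignored. Lines with no recognizable key are skipped.
unknown_keys() {   # usage: unknown_keys AUTHORIZED_KEYS_FILE DECLARED_KEYS_FILE
    [ -r "$1" ] && [ -r "$2" ] || return 2
    DECLARED="$2" awk '
        function keyid(line,   f, n, i) {
            if (line ~ /^[ \t]*(#|$)/) return ""        # comment or blank
            gsub(/"([^"\\]|\\.)*"/, "\"\"", line)       # blank quoted option values
            n = split(line, f, /[ \t]+/)
            for (i = 1; i < n; i++)
                if (f[i] ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+|sk-[a-z0-9@.-]+)$/)
                    return f[i] " " f[i + 1]
            return ""
        }
        BEGIN {
            d = ENVIRON["DECLARED"]
            while ((getline l < d) > 0)
                if ((k = keyid(l)) != "") want[k] = 1
        }
        { k = keyid($0); if (k != "" && !(k in want)) print FNR ": " $0 }
    ' "$1"
}

# Constructed sample data; the key blobs are placeholders, not real keys.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/authorized_keys" <<'EOF'
# managed file
ssh-ed25519 AAAAC3PLACEHOLDERaaaa admin@laptop
no-agent-forwarding,from="*.example.com" ssh-rsa AAAAB3PLACEHOLDERbbbb backup server
command="echo ssh-rsa decoy" ssh-ed25519 AAAAC3PLACEHOLDERcccc old-contractor
EOF
    cat > "$tmp/declared" <<'EOF'
ssh-ed25519 AAAAC3PLACEHOLDERaaaa
ssh-rsa AAAAB3PLACEHOLDERbbbb backup server
EOF
    unknown_keys "$tmp/authorized_keys" "$tmp/declared"
    rm -rf "$tmp"
}
demo
```

       Quoted option values are blanked before the key is located, so key-like
       text inside a command="..." option is not mistaken for the key itself.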

SEE ALSO

       sshd(8)

AUTHORS

       Steven Armstrong <steven-cdist--@--armstrong.cc>

COPYING

       Copyright (C) 2012-2014 Steven Armstrong. You can redistribute it
       and/or modify it under the terms of the GNU General Public License as
       published by the Free Software Foundation, either version 3 of the
       License, or (at your option) any later version.

       ungleich GmbH 2021

6.9.8                       Aug 24, 2021    CDIST-TYPE__SSH_AUTHORIZED_KEYS(7)