1CDIST-TYPE__SSH_AUTHORIZED_KEYS(7) cdist CDIST-TYPE__SSH_AUTHORIZED_KEYS(7)
2
6 cdist-type__ssh_authorized_keys - Manage ssh authorized_keys files
7
9 Adds or removes ssh keys from an authorized_keys file.
10
11 This type uses the __ssh_dot_ssh type to manage the directory contain‐
12 ing the authorized_keys file. You can disable this feature with the
13 --noparent boolean parameter.
14
15 The existence, ownership and permissions of the authorized_keys file
16 itself are also managed. This can be disabled with the --nofile boolean
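17 parameter. It is then left to the user to ensure that the file exists
18 and that its ownership and permissions are ones sshd accepts; with StrictModes enabled (see sshd_config(5)), sshd does not use an authorized_keys file whose ownership or modes are too permissive.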
19
21 key An ssh key which shall be managed in this authorized_keys file.
22 Must be a string containing the ssh keytype, base 64 encoded key
23 and optional trailing comment which shall be added to the given
24 authorized_keys file. Can be specified multiple times.
25
27 comment
28 Use this comment instead of the one which may be trailing in
29 each key.
30
31 file An alternative destination file, defaults to ~$owner/.ssh/autho‐
32 rized_keys.
33
34 option An option to set for all authorized_key entries in the key pa‐
35 rameter. Can be specified multiple times. See sshd(8) for
36 available options.
37
38 owner The user owning the authorized_keys file, defaults to object_id.
39
40 state If the given keys should be 'present' or 'absent', defaults to
41 'present'.
42
44 noparent
45 Don't create or change ownership and permissions of the direc‐
46 tory containing the authorized_keys file.
47
48 nofile Don't manage existence, ownership and permissions of the au‐
49 thorized_keys file.
50
51 remove-unknown
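52 Remove undefined keys, that is, keys already present in the file that are not given with the key parameter. Any access that depends on an unlisted key is lost.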
53
55 # add your ssh key to remote root's authorized_keys file
56 __ssh_authorized_keys root \
57 --key "$(cat ~/.ssh/id_rsa.pub)"
58
59 # same as above, but make sure your key is the only key in
60 # root's authorized_keys file
61 __ssh_authorized_keys root \
62 --key "$(cat ~/.ssh/id_rsa.pub)" \
63 --remove-unknown
64
65 # allow key to login as user-name
66 __ssh_authorized_keys user-name \
67 --key "ssh-rsa AXYZAAB3NzaC1yc2..."
68
69 # allow key to login as user-name with options and explicit comment
70 __ssh_authorized_keys user-name \
71 --key "ssh-rsa AXYZAAB3NzaC1yc2..." \
72 --option no-agent-forwarding \
73 --option 'from="*.example.com"' \
74 --comment 'backup server'
75
76 # same as above, but with explicit owner and two keys
77 # note that the options are set for all given keys
78 __ssh_authorized_keys some-fancy-id \
79 --owner user-name \
80 --key "ssh-rsa AXYZAAB3NzaC1yc2..." \
81 --key "ssh-rsa AZXYAAB3NzaC1yc2..." \
82 --option no-agent-forwarding \
83 --option 'from="*.example.com"' \
84 --comment 'backup server'
85
86 # authorized_keys file in non standard location
87 __ssh_authorized_keys some-fancy-id \
88 --file /etc/ssh/keys/user-name/authorized_keys \
89 --owner user-name \
90 --key "ssh-rsa AXYZAAB3NzaC1yc2..."
91
92 # same as above, but directory and authorized_keys file are created elsewhere
93 __ssh_authorized_keys some-fancy-id \
94 --file /etc/ssh/keys/user-name/authorized_keys \
95 --owner user-name \
96 --noparent \
97 --nofile \
98 --key "ssh-rsa AXYZAAB3NzaC1yc2..."
99
101 sshd(8)
102
104 Steven Armstrong <steven-cdist--@--armstrong.cc>
105
107 Copyright (C) 2012-2014 Steven Armstrong. You can redistribute it
108 and/or modify it under the terms of the GNU General Public License as
109 published by the Free Software Foundation, either version 3 of the Li‐
110 cense, or (at your option) any later version.
111
113 ungleich GmbH 2021
114
1186.9.8 Aug 24, 2021CDIST-TYPE__SSH_AUTHORIZED_KEYS(7)