NOTE: This page was generated from the Puppet source code on 2016-09-22 14:45:05 -0700
ssh_authorized_key
Description
Manages SSH authorized keys. Currently only type 2 keys are supported.
In their native habitat, SSH keys usually appear as a single long line. This
resource type requires you to split that line into several attributes. Thus, a
key that appears in your ~/.ssh/id_rsa.pub file like this…
ssh-rsa AAAAB3Nza[...]qXfdaQ== [email protected]
…would translate to the following resource:
ssh_authorized_key { '[email protected]':
  user => 'nick',
  type => 'ssh-rsa',
  key  => 'AAAAB3Nza[...]qXfdaQ==',
}
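The split described above, done mechanically, as an added Ruby example (not part of the Puppet documentation or Puppet's own code): it parses one authorized_keys or .pub line, including an optional options prefix, into name, type, key and options, and rejects a key whose embedded type header disagrees with the declared type. The function names, the sample line and the filler key are constructed for illustration.

```ruby
# Added example, not Puppet's own code: split one authorized_keys or *.pub
# line into the attributes the ssh_authorized_key resource expects.
VALID_TYPES = %w[ssh-dss ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384
                 ecdsa-sha2-nistp521 ssh-ed25519].freeze

# Line layout: [options] type key [comment]. An option may contain quoted
# spaces or commas, so quoted runs are matched as single units.
OPTS = /(?:[^\s"]|"(?:\\.|[^"\\])*")+/
LINE = /\A(?:(#{OPTS})\s+)?(#{Regexp.union(VALID_TYPES)})\s+(\S+)(?:\s+(.*))?\z/

def parse_key_line(line)
  m = LINE.match(line.strip) or raise ArgumentError, 'no supported key type'
  opts, type, key, comment = m.captures
  raise ArgumentError, 'key is not base64' unless key =~ %r{\A[A-Za-z0-9+/]+={0,2}\z}
  # The decoded key blob begins with a 4-byte length and the key type name,
  # so a type/key mismatch (for example from a bad paste) is detectable.
  blob = key.unpack1('m')
  len = blob.unpack1('N').to_i
  raise ArgumentError, 'type does not match key' unless blob[4, len] == type
  raise ArgumentError, 'comment needed for the title' if comment.to_s.empty?
  { name: comment, type: type, key: key,
    options: opts ? opts.scan(/(?:[^,"]|"(?:\\.|[^"\\])*")+/) : [] }
end

# Render as a Puppet resource; `user` is not in the key line, the caller gives it.
def to_manifest(attrs, user)
  q = ->(s) { "'" + s.gsub(/[\\']/) { |c| "\\#{c}" } + "'" }
  out = ["ssh_authorized_key { #{q[attrs[:name]]}:",
         "  user    => #{q[user]},",
         "  type    => #{q[attrs[:type]]},",
         "  key     => #{q[attrs[:key]]},"]
  unless attrs[:options].empty?
    out << "  options => [#{attrs[:options].map(&q).join(', ')}],"
  end
  (out << '}').join("\n")
end

# Constructed sample: a type header plus filler bytes, not a real key.
SAMPLE_KEY = ["\x00\x00\x00\x07ssh-rsa" + 'filler-bytes-only'].pack('m0')
SAMPLE = %(from="10.0.0.5,10.0.0.6",no-pty ssh-rsa #{SAMPLE_KEY} nick@host.example)
puts to_manifest(parse_key_line(SAMPLE), 'nick')
```

The quoted `from=` value stays one array element even though it contains a comma, which matches the page's rule that multiple options are given as an array.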
To ensure that only the currently approved keys are present, you can purge
unmanaged SSH keys on a per-user basis. Do this with the user resource
type’s purge_ssh_keys attribute:
user { 'nick':
  ensure         => present,
  purge_ssh_keys => true,
}
This will remove any keys in ~/.ssh/authorized_keys that aren’t being
managed with ssh_authorized_key resources. See the documentation of the
user type for more details.
Autorequires: If Puppet is managing the user account in which this
SSH key should be installed, the ssh_authorized_key resource will autorequire
that user.
Attributes
ssh_authorized_key { 'resource title':
  name     => # (namevar) The SSH key comment. This attribute is currently
  ensure   => # The basic property that the resource should be...
  key      => # The public key itself; generally a long string...
  options  => # Key options; see sshd(8) for possible values...
  provider => # The specific backend to use for this...
  target   => # The absolute filename in which to store the SSH...
  type     => # The encryption type used. Valid values are...
  user     => # The user account in which the SSH key should be...
  # ...plus any applicable metaparameters.
}
name
(Namevar: If omitted, this attribute’s value defaults to the resource’s title.)
The SSH key comment. This attribute is currently used as a system-wide primary key and therefore has to be unique.
ensure
(Property: This attribute represents concrete state on the target system.)
The basic property that the resource should be in.
Valid values are present, absent.
key
(Property: This attribute represents concrete state on the target system.)
The public key itself; generally a long string of hex characters. The key
attribute may not contain whitespace.
Make sure to omit the following in this attribute (and specify them in other attributes):
- Key headers (e.g. ‘ssh-rsa’) — put these in the type attribute.
- Key identifiers / comments (e.g. ‘[email protected]’) — put these in
  the name attribute/resource title.
options
(Property: This attribute represents concrete state on the target system.)
Key options; see sshd(8) for possible values. Multiple values should be specified as an array.
provider
The specific backend to use for this ssh_authorized_key resource. You will
seldom need to specify this — Puppet will usually discover the appropriate
provider for your platform.
Available providers are:
target
(Property: This attribute represents concrete state on the target system.)
The absolute filename in which to store the SSH key. This
property is optional and should only be used in cases where keys
are stored in a non-standard location (i.e. not in
~user/.ssh/authorized_keys).
type
(Property: This attribute represents concrete state on the target system.)
The encryption type used.
Valid values are ssh-dss (also called dsa), ssh-rsa (also called rsa),
ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521,
ssh-ed25519 (also called ed25519).
user
(Property: This attribute represents concrete state on the target system.)
The user account in which the SSH key should be installed. The resource
will autorequire this user if it is being managed as a user resource.
Providers
parsed
Parse and generate authorized_keys files for SSH.