Puppet Platform reference manual

NOTE: This page was generated from the Puppet source code on 2017-11-03 18:09:48 -0700

ssh_authorized_key

Description

Manages SSH authorized keys. Currently only type 2 keys are supported.

In their native habitat, SSH keys usually appear as a single long line, in the format <TYPE> <KEY> <NAME/COMMENT>. This resource type requires you to split that line into several attributes. Thus, a key that appears in your ~/.ssh/id_rsa.pub file like this…

ssh-rsa AAAAB3Nza[...]qXfdaQ== nick@magpie.example.com

…would translate to the following resource:

ssh_authorized_key { 'nick@magpie.example.com':
  ensure => present,
  user   => 'nick',
  type   => 'ssh-rsa',
  key    => 'AAAAB3Nza[...]qXfdaQ==',
}
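An added example, not part of the Puppet documentation or code base: Ruby code that performs the split described above, generalized to authorized_keys lines that begin with an options field (see the options attribute). The helper names, the sample line and the all-zero key are constructed for illustration; the blob check relies on the SSH public key wire format, in which the decoded key starts with a length-prefixed algorithm name.

```ruby
require 'base64'

# Key types this page lists as valid values for the `type` attribute.
VALID_TYPES = %w[ssh-dss ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384
                 ecdsa-sha2-nistp521 ssh-ed25519].freeze
WORD = /(?:"(?:\\.|[^"\\])*"|[^\s"])+/ # whitespace-separated, quotes kept intact
OPT  = /(?:"(?:\\.|[^"\\])*"|[^,"])+/  # comma-separated, quotes kept intact

# Split one authorized_keys line into ssh_authorized_key attributes.
def parse_key_line(line)
  tokens = line.strip.scan(WORD)
  idx = tokens.index { |t| VALID_TYPES.include?(t) }
  raise ArgumentError, 'no supported key type in first two fields' if idx.nil? || idx > 1
  type, key = tokens[idx], tokens[idx + 1]
  raise ArgumentError, 'missing key field' if key.nil?
  # The decoded blob begins with a length-prefixed algorithm name; it must
  # agree with the type field, otherwise the line is malformed or mis-split.
  blob = Base64.strict_decode64(key) # raises ArgumentError on bad base64
  algo = blob[4, blob[0, 4].to_s.unpack1('N').to_i]
  raise ArgumentError, "blob is #{algo.inspect}, not #{type}" unless algo == type
  { name: tokens[(idx + 2)..].join(' '), type: type, key: key,
    options: idx == 1 ? tokens[0].scan(OPT) : [] }
end

# Quote a value as a Puppet single-quoted string.
def pq(str)
  "'" + str.gsub(/[\\']/) { |c| "\\#{c}" } + "'"
end

# Render the attributes as a resource for the given user (caller-supplied).
def to_resource(attrs, user)
  body = { ensure: 'present', user: pq(user), type: pq(attrs[:type]), key: pq(attrs[:key]) }
  body[:options] = "[#{attrs[:options].map { |o| pq(o) }.join(', ')}]" unless attrs[:options].empty?
  rows = body.map { |k, v| format("  %-7s => %s,", k, v) }
  (["ssh_authorized_key { #{pq(attrs[:name])}:"] + rows + ['}']).join("\n")
end

# Constructed sample: a structurally valid ed25519 blob with an all-zero
# 32-byte key, not a real key. Addresses and names are placeholders.
SAMPLE_KEY = Base64.strict_encode64([11].pack('N') + 'ssh-ed25519' + [32].pack('N') + "\0" * 32)
SAMPLE_LINE = %(from="192.0.2.0/24",no-pty,command="/usr/bin/rsync --server" ssh-ed25519 #{SAMPLE_KEY} backup job@example.com)

puts to_resource(parse_key_line(SAMPLE_LINE), 'backup') if $PROGRAM_NAME == __FILE__
```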

To ensure that only the currently approved keys are present, you can purge unmanaged SSH keys on a per-user basis. Do this with the user resource type’s purge_ssh_keys attribute:

user { 'nick':
  ensure         => present,
  purge_ssh_keys => true,
}

This will remove any keys in ~/.ssh/authorized_keys that aren’t being managed with ssh_authorized_key resources. See the documentation of the user type for more details.

Autorequires: If Puppet is managing the user account in which this SSH key should be installed, the ssh_authorized_key resource will autorequire that user.

Attributes

ssh_authorized_key { 'resource title':
  name     => # (namevar) The SSH key comment. This can be anything, and...
  ensure   => # The basic property that the resource should be...
  key      => # The public key itself; generally a long string...
  options  => # Key options; see sshd(8) for possible values...
  provider => # The specific backend to use for this...
  target   => # The absolute filename in which to store the SSH...
  type     => # The encryption type used.  Valid values are...
  user     => # The user account in which the SSH key should be...
  # ...plus any applicable metaparameters.
}

name

(Namevar: If omitted, this attribute’s value defaults to the resource’s title.)

The SSH key comment. This can be anything, and doesn’t need to match the original comment from the .pub file.

Due to internal limitations, this must be unique across all user accounts; if you want to specify one key for multiple users, you must use a different comment for each instance.

ensure

(Property: This attribute represents concrete state on the target system.)

The basic property that the resource should be in.

Valid values are present, absent.

key

(Property: This attribute represents concrete state on the target system.)

The public key itself; generally a long string of hex characters. The key attribute may not contain whitespace.

Make sure to omit the following in this attribute (and specify them in other attributes):

  • Key headers (e.g. ‘ssh-rsa’) — put these in the type attribute.
  • Key identifiers / comments (e.g. ‘joe@joescomputer.local’) — put these in the name attribute/resource title.

options

(Property: This attribute represents concrete state on the target system.)

Key options; see sshd(8) for possible values. Multiple values should be specified as an array.

provider

The specific backend to use for this ssh_authorized_key resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.

Available providers are:

  • parsed

target

(Property: This attribute represents concrete state on the target system.)

The absolute filename in which to store the SSH key. This property is optional and should only be used in cases where keys are stored in a non-standard location (i.e. not in ~user/.ssh/authorized_keys).

type

(Property: This attribute represents concrete state on the target system.)

The encryption type used.

Valid values are ssh-dss (also called dsa), ssh-rsa (also called rsa), ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-ed25519 (also called ed25519).

user

(Property: This attribute represents concrete state on the target system.)

The user account in which the SSH key should be installed. The resource will autorequire this user if it is being managed as a user resource.

Providers

parsed

Parse and generate authorized_keys files for SSH.
