Resource Type: ssh_authorized_key
NOTE: This page was generated from the Puppet source code on 2018-08-28 06:48:02 -0700
ssh_authorized_key
Description
Manages SSH authorized keys. Currently only type 2 keys are supported.
In their native habitat, SSH keys usually appear as a single long line, in
the format <TYPE> <KEY> <NAME/COMMENT>. This resource type requires you
to split that line into several attributes. Thus, a key that appears in
your ~/.ssh/id_rsa.pub file like this…
ssh-rsa AAAAB3Nza[...]qXfdaQ== nick@magpie.example.com
…would translate to the following resource:
ssh_authorized_key { 'nick@magpie.example.com':
  ensure => present,
  user   => 'nick',
  type   => 'ssh-rsa',
  key    => 'AAAAB3Nza[...]qXfdaQ==',
}
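The split described above gets harder once a line carries key options, because option values can contain quoted spaces and commas. The following is an added example, not part of the Puppet documentation or code base: it parses an authorized_keys line and renders the matching resource, including the options attribute. The function names and the SAMPLE line are assumptions made for illustration.

```python
# Key type names are the full ones listed under this page's "type" attribute.
KEY_TYPES = {"ssh-dss", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "ssh-ed25519"}

# Constructed sample line (not from the page); the key body is the page's elided one.
SAMPLE = ('from="10.0.0.0/8,192.0.2.10",command="/usr/bin/rsync --server",no-pty '
          'ssh-rsa AAAAB3Nza[...]qXfdaQ== backup@magpie.example.com')

def split_outside_quotes(text, seps):
    """Split text on any character in seps that is not inside double quotes."""
    parts, cur, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted:
            if cur:
                parts.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    if cur:
        parts.append(cur)
    return parts

def parse_line(line):
    """Return dict(options, type, key, name) for one authorized_keys line."""
    tokens = split_outside_quotes(line.strip(), " \t")
    idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
    if idx is None or idx > 1 or idx + 1 >= len(tokens):
        raise ValueError("not a recognised authorized_keys entry")
    options = split_outside_quotes(tokens[0], ",") if idx == 1 else []
    return {"options": options, "type": tokens[idx], "key": tokens[idx + 1],
            "name": " ".join(tokens[idx + 2:])}

def to_resource(entry, user):
    """Render a parsed entry as an ssh_authorized_key resource declaration."""
    if not entry["name"]:
        raise ValueError("no comment on the key line; choose a unique name")
    q = lambda s: "'" + s.replace("\\", "\\\\").replace("'", "\\'") + "'"
    lines = [f"ssh_authorized_key {{ {q(entry['name'])}:",
             "  ensure  => present,",
             f"  user    => {q(user)},",
             f"  type    => {q(entry['type'])},",
             f"  key     => {q(entry['key'])},"]
    if entry["options"]:
        lines.append("  options => [" + ", ".join(map(q, entry["options"])) + "],")
    return "\n".join(lines + ["}"])
```

Calling `print(to_resource(parse_line(SAMPLE), 'backup'))` shows the three options as separate array elements, so restrictions such as `from=` and `command=` survive the move into Puppet.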
To ensure that only the currently approved keys are present, you can purge
unmanaged SSH keys on a per-user basis. Do this with the user resource
type’s purge_ssh_keys attribute:
user { 'nick':
  ensure         => present,
  purge_ssh_keys => true,
}
This will remove any keys in ~/.ssh/authorized_keys that aren’t being
managed with ssh_authorized_key resources. See the documentation of the
user type for more details.
Autorequires: If Puppet is managing the user account in which this
SSH key should be installed, the ssh_authorized_key resource will
autorequire that user.
Attributes
ssh_authorized_key { 'resource title':
  name     => # (namevar) The SSH key comment. This can be anything, and...
  ensure   => # The basic property that the resource should be...
  key      => # The public key itself; generally a long string...
  options  => # Key options; see sshd(8) for possible values...
  provider => # The specific backend to use for this...
  target   => # The absolute filename in which to store the SSH...
  type     => # The encryption type used. Valid values are...
  user     => # The user account in which the SSH key should be...
  # ...plus any applicable metaparameters.
}
name
(Namevar: If omitted, this attribute’s value defaults to the resource’s title.)
The SSH key comment. This can be anything, and doesn’t need to match
the original comment from the .pub file.
Due to internal limitations, this must be unique across all user accounts; if you want to specify one key for multiple users, you must use a different comment for each instance.
ensure
(Property: This attribute represents concrete state on the target system.)
The basic property that the resource should be in.
Default: present
Allowed values:
present
absent
key
(Property: This attribute represents concrete state on the target system.)
The public key itself; generally a long string of hex characters. The key
attribute may not contain whitespace.
Make sure to omit the following in this attribute (and specify them in other attributes):
- Key headers, such as ‘ssh-rsa’ — put these in the type attribute.
- Key identifiers / comments, such as ‘joe@joescomputer.local’ — put these in the name attribute/resource title.
options
(Property: This attribute represents concrete state on the target system.)
Key options; see sshd(8) for possible values. Multiple values should be specified as an array.
provider
The specific backend to use for this ssh_authorized_key resource. You will
seldom need to specify this — Puppet will usually discover the appropriate
provider for your platform.
Available providers are:
target
(Property: This attribute represents concrete state on the target system.)
The absolute filename in which to store the SSH key. This
property is optional and should be used only in cases where keys
are stored in a non-standard location, for instance when not in
~user/.ssh/authorized_keys.
Default: absent
type
(Property: This attribute represents concrete state on the target system.)
The encryption type used.
Allowed values:
ssh-dss
ssh-rsa
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-ed25519
dsa
ed25519
rsa
user
(Property: This attribute represents concrete state on the target system.)
The user account in which the SSH key should be installed. The resource
will autorequire this user if it is being managed as a user resource.
Providers
parsed
Parse and generate authorized_keys files for SSH.