Re: ssh keys - registering multiple keys onto a same remote account

Paul Tötterman

Sep 20, 2012, 5:01:49 AM
to puppet...@googlegroups.com
Hi Hiu,
 
key1=[ 'XXXXXXXX', 'YYYYY', 'ZZZZZZZ']
... 
                key => $key1,
 
http://docs.puppetlabs.com/references/latest/type.html#sshauthorizedkey does not suggest that the provider would support an array for key.

I suggest doing something like:

$user = 'user'

ssh_authorized_key {
  "${user}-key1":
    type => 'ssh-rsa',
    user => $user,
    key => $key1;
  "${user}-key2":
    type => 'ssh-rsa',
    user => $user,
    key => $key2;
...
}

or even a define:

$user = 'user'
$keys = [$key1, $key2, ...]

define user_key() {
  ssh_authorized_key { "${user}-${name}":
    type => 'ssh-rsa',
    user => $user,
    key => $name,
  }
}

user_key { $keys: }

(My puppet code may well contain errors, but should give you the idea)

Cheers,
Paul

Hiu

Sep 20, 2012, 10:34:44 PM
to puppet...@googlegroups.com
Hi Paul,

I am pretty new to writing Puppet code. I tried the option that you suggested about creating the define type. But I am still stuck in the middle.

Here is my code.
$pub_keys=['XXXXXX', 'YYYYY', 'ZZZZZZ' ]

define add_authkeys (user="hiu", key) {
        ssh_authorized_key { "$hiu":
                name => "hiu@$fqdn",
                ensure => present,
                type => ssh-rsa,
                key => $key,
                user => $user,
        }
}


class base::config_authorized_keys {
        add_authkeys { "hiu@$fqdn":
                 key => $pub_keys,
        }
}


The result is something unexpected. My authorized keys look something like this:

ssh-rsa XXXXYYYYYYYYZZZZZZZZZ

instead of 

ssh-rsa XXXXXXXX
ssh-rsa YYYYYY
ssh-rsa ZZZZZZZ


Can you please advise? Thank you.

Stefan Schulte

Sep 26, 2012, 9:11:13 PM
to puppet...@googlegroups.com
On Thu, Sep 20, 2012 at 07:34:44PM -0700, Hiu wrote:
> Hi Paul,
>
>
> I am pretty new to writing Puppet code. I tried the option that you suggested
> about creating the define type. But I am still stuck in the middle.
>
> Here is my code.
> $pub_keys=['XXXXXX', 'YYYYY', 'ZZZZZZ' ]
>
> define add_authkeys (user="hiu", key) {
> ssh_authorized_key { "$hiu":
> name => "hiu@$fqdn",
> ensure => present,
> type => ssh-rsa,
> key => $key,
> user => $user,
> }
> }
>
>
> class base::config_authorized_keys {
> add_authkeys { "hiu@$fqdn":
> key => $pub_keys,
> }
> }
>
>
> The result is something unexpected. My authorized keys look something
> like this:
>
> ssh-rsa XXXXYYYYYYYYZZZZZZZZZ
>
> instead of
>
> ssh-rsa XXXXXXXX
> ssh-rsa YYYYYY
> ssh-rsa ZZZZZZZ
>
>
> Can you please advise? Thank you.
>
The idea is to pass an array as a resource title. e.g.

file { ['/foo', '/bar' ]: ensure => directory}

is the same as declaring

file { '/foo': ensure => directory}
file { '/bar': ensure => directory}

You can now define a resource that takes a *key* as a title. This way,
when an array of keys is passed, multiple resources are created. The title is
available as $name. $user has to be passed as a parameter.

define pubkey($user) {
  ssh_authorized_key { "${user}@${fqdn}-${name}":
    ensure => present,
    key    => $name,
    user   => $user,
    type   => rsa,
  }
}

Now in your base class:

class base::config_authorized_keys {
  $keys = [ "aaa", "bbb" ]
  pubkey { $keys:
    user => 'hiu',
  }
}

Again, this is the same as declaring

pubkey { "aaa": user => hiu }
pubkey { "bbb": user => hiu }

-Stefan
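
A variation on the one-resource-per-key pattern discussed in this thread, as an added example that is not from any of the posters: it goes beyond the thread by keying each public key on a short label instead of the key body, so resource titles stay readable and a key can be revoked by setting `ensure => absent`. It assumes Puppet 4 or later (typed parameters, `each`, hash merge with `+`); the define name `account_keys`, the labels and the key bodies are constructed placeholders.

```puppet
# Added example, not code from the thread. On Puppet 6+ the
# ssh_authorized_key type ships in the puppetlabs-sshkeys_core module.
define account_keys (
  Hash[String, Hash] $keys,
  String             $user = $title,
) {
  # Defaults applied to every entry unless the entry overrides them.
  $defaults = { 'ensure' => 'present', 'type' => 'ssh-rsa' }

  $keys.each |String $label, Hash $attrs| {
    $entry = $defaults + $attrs

    # One resource per key. Passing an array to `key` does not produce
    # several authorized_keys lines, so each key gets its own resource
    # with a unique title.
    ssh_authorized_key { "${user}-${label}":
      ensure => $entry['ensure'],
      user   => $user,
      type   => $entry['type'],
      key    => $entry['key'],
    }
  }
}

# Usage with constructed placeholder key bodies (base64 part only,
# without the "ssh-rsa" prefix or the trailing comment).
account_keys { 'hiu':
  keys => {
    'laptop'      => { 'key' => 'PLACEHOLDER_KEY_BODY_1' },
    'workstation' => {
      'key'  => 'PLACEHOLDER_KEY_BODY_2',
      'type' => 'ssh-ed25519',
    },
    # Keep a retired key declared as absent so it is removed from
    # authorized_keys on the next run instead of being left behind.
    'old-desktop' => {
      'key'    => 'PLACEHOLDER_KEY_BODY_3',
      'ensure' => 'absent',
    },
  },
}
```

Deleting an entry from the hash only stops Puppet managing that key; the line stays in `authorized_keys` until the entry has been applied once with `ensure => absent`.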
