Unable to add ssh-keys to known_hosts

Dr. Natas

Dec 31, 2015, 11:53:05 PM
to Puppet Users
Hey everyone,
I've been trying to figure out how to manage public ssh keys with the following code. For some reason I'm unable to add public ssh-keys to known_hosts. When I run this code from a node it doesn't throw any errors and runs without a problem, but I think I'm missing something here that I don't see. Any help would be greatly appreciated. Thanks.
This is my ssh_keys.pp
class ssh_keys {
  define ssh_user($key) {
    user { $name:
      ensure     => present,
      managehome => true,
    }

    file { "/home/${name}/.ssh":
      ensure => directory,
      mode   => '0700',
      owner  => $name,
    }

    ssh_authorized_key { "${name}_key":
      key     => $key,
      type    => 'ssh-rsa',
      user    => $name,
      require => File["/home/${name}/.ssh"],
    }
  }

  @ssh_user { 'user.test':
    key => 'thisisthebestburrito',
  }
}

My site.pp
node 'my-node-name' {
 include ssh_keys
}

Dirk Heinrichs

Jan 4, 2016, 1:55:42 AM
to puppet...@googlegroups.com
On 31.12.2015 at 23:46, Dr. Natas wrote:

> I've been trying to figure out how to manage public ssh keys with the following code. For some reason I'm unable to add public ssh-keys to known_hosts.

You don't add public keys to known_hosts. Host keys are added there (the keys of hosts the user logs in from).


> When I run this code from a node it doesn't throw any errors and runs without a problem, but I think I'm missing something here that I don't see.

I don't see anything in this class that would change known_hosts. ssh_authorized_keys manages a user's authorized_keys file only, that is: Public keys which are allowed to log in _as that user_.

However, you might want to try this one to manage the _system's_ global known_hosts file (see here):

# Collect SSH keys from all Unix hosts and store them in ssh_known_hosts
# so that all managed hosts will automatically know each other.

class sshkeys {
  # Declare the exported resource
  @@sshkey { $::fqdn:
    type => rsa,
    key  => $sshrsakey
  }

  # Collect all keys:
  Sshkey <<| |>>
}

HTH...

    Dirk
--

Dirk Heinrichs, Senior Systems Engineer, Engineering Solutions
Recommind GmbH, Von-Liebig-Straße 1, 53359 Rheinbach
Tel: +49 2226 1596666 (Ansage) 1149
Email: d...@recommind.com
Skype: dirk.heinrichs.recommind
www.recommind.com
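
The distinction drawn in the reply above, as an added example that is not part of the thread: a small audit of plain known_hosts and authorized_keys entries that checks each line against its file's field layout and verifies that the key blob really carries the declared key type. The function names and the sample key are constructed for illustration; marker lines such as @cert-authority and options containing spaces are not handled.

```python
import base64, binascii, hashlib

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}

def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return len(data).to_bytes(4, "big") + data

# Constructed sample blob (type name, exponent, modulus); not a real key.
SAMPLE_KEY = base64.b64encode(ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
                              + ssh_string(b"\x00" + b"\xc3" * 256)).decode()

def fingerprint(keytype: str, b64: str) -> str:
    """SHA256 fingerprint in the form ssh-keygen -l prints; ValueError if malformed."""
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"key is not base64: {exc}") from None
    n = int.from_bytes(blob[:4], "big")  # length of the embedded type name
    if blob[4:4 + n] != keytype.encode() or len(blob) <= 4 + n:
        raise ValueError("key blob does not carry the declared key type")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit_line(line: str, kind: str):
    """Parse a 'known_hosts' (hosts type key) or 'authorized_keys'
    ([options] type key comment) line into (subject, keytype, fingerprint)."""
    fields = line.split()
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        raise ValueError("no key type followed by a key")
    if kind == "known_hosts":
        if idx != 1:
            raise ValueError("known_hosts entry must begin with host names")
        subject = fields[0].split(",")
    else:
        subject = " ".join(fields[idx + 2:])
    return subject, fields[idx], fingerprint(fields[idx], fields[idx + 1])

def problems(lines, kind):
    """Return [(line_number, reason)] for every entry that fails the audit."""
    found = []
    for no, line in enumerate(lines, 1):
        if line.strip() and not line.lstrip().startswith("#"):
            try:
                audit_line(line, kind)
            except ValueError as exc:
                found.append((no, str(exc)))
    return found
```

Fed the lines of /etc/ssh/ssh_known_hosts or a user's authorized_keys, problems() flags placeholder key strings and entries that sit in the wrong kind of file; the fingerprints from audit_line() can be compared with the ones the hosts themselves report.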

Dr. Natas

Jan 4, 2016, 2:33:47 PM
to Puppet Users, dirk.he...@recommind.com
Hey Dirk
Thanks for pointing out my mistake.
I got it working by simply adding the following code. I'm still in my beta testing and will continue to modify my code a lot better. I'll post what I have when I'm done. Thanks for taking part of your day to help me out. By the way, happy late new years!

# Collect SSH keys from all Unix hosts and store them in ssh_known_hosts
# so that all managed hosts will automatically know each other.

class ssh_keys {
  # Declare the exported resource
  @@sshkey { $::fqdn:
    type => rsa,
    key  => $sshrsakey
  }

  # Collect all keys:
  Sshkey <<| |>> 

  ssh_authorized_key { 'test@account2':
    user   => 'test.two',
    type   => 'ssh-rsa',
    ensure => present,
    key    => 'this-is-the-best-burrito2',
  }
}

 

Garrett Honeycutt

Jan 4, 2016, 4:09:59 PM
to puppet...@googlegroups.com
Hi Dr. Natas,

Check out my Puppet Approved ssh module[1]. It handles the functionality
that you described and lets you easily specify[2] authorized keys.

[1] - https://forge.puppetlabs.com/ghoneycutt/ssh
[2] - https://github.com/ghoneycutt/puppet-module-ssh#manage-users-ssh_authorized_keys

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658