salt.states.ssh_auth¶
Control of entries in SSH authorized_key files.¶
The information stored in a user's ssh authorized key file can be easily controlled via the ssh_auth state. Defaults can be set by the enc, options, and comment keys. These defaults can be overridden by including them in the name.
AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyY==:
ssh_auth:
- present
- user: root
- enc: ssh-dss
thatch:
ssh_auth:
- present
- user: root
- source: salt://ssh_keys/thatch.id_rsa.pub
sshkeys:
ssh_auth:
- present
- user: root
- enc: ssh-rsa
- options:
- option1="value1"
- option2="value2 flag2"
- comment: myuser
- names:
- AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyY==
- ssh-dss AAAAB3NzaCL0sQ9fJ5bYTEyY== user@domain
- option3="value3" ssh-dss AAAAB3NzaC1kcQ9J5bYTEyY== other@testdomain
- AAAAB3NzaC1kcQ9fJFF435bYTEyY== newcomment
-
salt.states.ssh_auth.
absent
(name, user, config='.ssh/authorized_keys')¶ Verifies that the specified ssh key is absent
- name
- The ssh key to manage
- user
- The user who owns the ssh authorized keys file to modify
- config
- The location of the authorized keys file relative to the user's home directory, defaults to ".ssh/authorized_keys"
-
salt.states.ssh_auth.
present
(name, user, enc='ssh-rsa', comment='', source='', options=None, config='.ssh/authorized_keys', **kwargs)¶ Verifies that the specified ssh key is present for the specified user
- name
- The ssh key to manage
- user
- The user who owns the ssh authorized keys file to modify
- enc
- Defines what type of key is being used, can be ecdsa ssh-rsa, ssh-dss
- comment
- The comment to be placed with the ssh public key
- source
- The source file for the key(s). Can contain any number of public keys, in standard "authorized_keys" format. If this is set, comment, enc, and options will be ignored.
Note
The source file must contain keys in the format
<enc> <key> <comment>
. If you have generated a keypair using PuTTYgen, then you will need to do the following to retrieve an OpenSSH-compatible public key.- In PuTTYgen, click
Load
, and select the private key file (not the public key), and clickOpen
. - Copy the public key from the box labeled
Public key for pasting into OpenSSH authorized_keys file
. - Paste it into a new file.
- options
- The options passed to the key, pass a list object
- config
- The location of the authorized keys file relative to the user's home directory, defaults to ".ssh/authorized_keys"