Puppet users - Sep 2008 - Managing SSH keys

Hello all,


I''d like to have Puppet distributing one of your server''s
(public) SSH
keys, effectively doing the same as the ssh-copy-id command.

Is there a build in puppet resource type for managing SSH keys. We''re
running version 0.24.4 of puppet.


Regards,
Kenneth Holter
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Hi
> I''d like to have Puppet distributing one of your server''s
(public) SSH
> keys, effectively doing the same as the ssh-copy-id command.
> 
> Is there a build in puppet resource type for managing SSH keys.
We''re
> running version 0.24.4 of puppet.

you mean something like that:
http://reductivelabs.com/trac/puppet/wiki/TypeReference#sshkey ? ;-)

also you might have a look @ davids ssh module:
http://git.black.co.at/?p=module-ssh

greets pete

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Thanks for the reply.

But does this resource type manage the distribution of SSH public keys for
setup of password-less login? If so, could you please provide a sample code
for distributing the SSH public key for a server A?


On 9/10/08, Peter Meier <peter.meier@immerda.ch>
wrote:
>
>
> Hi
>
> > I''d like to have Puppet distributing one of your
server''s (public) SSH
> > keys, effectively doing the same as the ssh-copy-id command.
> >
> > Is there a build in puppet resource type for managing SSH keys.
We''re
> > running version 0.24.4 of puppet.
>
>
> you mean something like that:
> http://reductivelabs.com/trac/puppet/wiki/TypeReference#sshkey ? ;-)
>
> also you might have a look @ davids ssh module:
> http://git.black.co.at/?p=module-ssh
>
> greets pete
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Kenneth Holter wrote:
> But does this resource type manage the distribution of SSH public keys
> for setup of password-less login? If so, could you please provide a
> sample code for distributing the SSH public key for a server A?
No, the sshkey type only manages host key (ie. /etc/ssh/ssh_known_hosts).

You can use ssh_authorized_key available since puppet 0.24.5 to do what
you want.

Example:

ssh_authorized_key{"francois.deppierraz@camptocamp.com on root":
  ensure => present,
  type   => "rsa",
  key    => "AAAAA.......",
  user   => "root",
}

By the way, you still need a way to generate the SSH key private key
beforehand.

François

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

I''ve gotten Puppet to distribute server A''s public SSH key on
some of the
nodes in the network. For password-less login to work, the nodes'' host
key
must be saved on server A.

Is there a security reason for not automating this process (if possible),
i.e. automating the process of retreiving the nodes'' host key and
importing
them into server A''s know hosts file? And is there a way to get puppet
to do
this using the built in types of version 0.24.4 (I know there is a sshkey
type, but I''m not quite sure how this works)?


Regards,
Kenneth Holter

On 9/11/08, Francois Deppierraz <francois@ctrlaltdel.ch>
wrote:
>
>
> Kenneth Holter wrote:
>
> > But does this resource type manage the distribution of SSH public keys
> > for setup of password-less login? If so, could you please provide a
> > sample code for distributing the SSH public key for a server A?
>
> No, the sshkey type only manages host key (ie. /etc/ssh/ssh_known_hosts).
>
> You can use ssh_authorized_key available since puppet 0.24.5 to do what
> you want.
>
> Example:
>
> ssh_authorized_key{"francois.deppierraz@camptocamp.com on root":
> ensure => present,
> type   => "rsa",
> key    => "AAAAA.......",
> user   => "root",
> }
>
> By the way, you still need a way to generate the SSH key private key
> beforehand.
>
> François
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

You'll need to generate keys for distribution, automating this somehow by
calling out to ssh-keygen I presume.
Regards,

AJ

2008/9/12 Kenneth Holter <kenneho.ndu@gmail.com>
>
> I've gotten Puppet to distribute server A's public SSH key on some
of the
> nodes in the network. For password-less login to work, the nodes' host
key
> must be saved on server A.
>
> Is there a security reason for not automating this process (if possible),
> i.e. automating the process of retreiving the nodes' host key and
importing
> them into server A's know hosts file? And is there a way to get puppet
to do
> this using the built in types of version 0.24.4 (I know there is a sshkey
> type, but I'm not quite sure how this works)?
>
>
> Regards,
> Kenneth Holter
>
> On 9/11/08, Francois Deppierraz <francois@ctrlaltdel.ch> wrote:
>>
>>
>> Kenneth Holter wrote:
>>
>> > But does this resource type manage the distribution of SSH public
keys
>> > for setup of password-less login? If so, could you please provide
a
>> > sample code for distributing the SSH public key for a server A?
>>
>> No, the sshkey type only manages host key (ie.
/etc/ssh/ssh_known_hosts).
>>
>> You can use ssh_authorized_key available since puppet 0.24.5 to do what
>> you want.
>>
>> Example:
>>
>> ssh_authorized_key{"francois.deppierraz@camptocamp.com on
root":
>> ensure => present,
>> type   => "rsa",
>> key    => "AAAAA.......",
>> user   => "root",
>> }
>>
>> By the way, you still need a way to generate the SSH key private key
>> beforehand.
>>
>> François
>> >>
>>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---