From 34328aff1cbb626d4e76893415e205054211c871 Mon Sep 17 00:00:00 2001
From: Daniel Kraemer
Date: Tue, 4 Oct 2016 20:53:01 +0200
Subject: [PATCH 1/4] add support for multiple private and public keys
---
 users/init.sls | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)
diff --git a/users/init.sls b/users/init.sls
index b8dbf9a..099a8f0 100644
--- a/users/init.sls
+++ b/users/init.sls
@@ -170,35 +170,44 @@ user_keydir_{{ name }}: {% endif %} {% if 'ssh_keys' in user %} - {% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %} -users_user_{{ name }}_private_key: + {% for _key in user.ssh_keys.keys() %} + {% if _key == 'privkey' %} + {% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') %} + {% elif _key == 'pubkey' %} + {% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') + '.pub' %} + {% else %} + {% set key_name = _key %} + {% endif %} +users_{{ name }}_{{ key_name }}_private_key: file.managed: - - name: {{ home }}/.ssh/{{ key_type }} + - name: {{ home }}/.ssh/{{ key_name }} - user: {{ name }} - group: {{ user_group }} - mode: 600 - show_diff: False - - contents_pillar: users:{{ name }}:ssh_keys:privkey + - contents_pillar: users:{{ name }}:ssh_keys:{{ _key }} - require: - user: users_{{ name }}_user {% for group in user.get('groups', []) %} - group: users_{{ name }}_{{ group }}_group {% endfor %} -users_user_{{ name }}_public_key: +users_{{ name }}_{{ key_name }}_public_key: file.managed: - - name: {{ home }}/.ssh/{{ key_type }}.pub + - name: {{ home }}/.ssh/{{ key_name }} - user: {{ name }} - group: {{ user_group }} - mode: 644 - show_diff: False - - contents_pillar: users:{{ name }}:ssh_keys:pubkey + - contents_pillar: users:{{ name }}:ssh_keys:{{ _key }} - require: - user: users_{{ name }}_user {% for group in user.get('groups', []) %} - group: users_{{ name }}_{{ group }}_group {% endfor %} + {% endfor %} {% endif %} + {% if 'ssh_auth_file' in user or 'ssh_auth_pillar' in user %} users_authorized_keys_{{ name }}: file.managed: From c98aa35392419d5c3089620e398a8b190dd030a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Kr=C3=A4mer?= Date: Sat, 8 Apr 2017 16:45:17 +0200 Subject: [PATCH 2/4] provide pillar example --- pillar.example | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pillar.example b/pillar.example index 220badc..6f65d95 100644 --- a/pillar.example +++ b/pillar.example 
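Review bot: `key_name` falls through to the raw pillar key in the `{% else %}` branch and is then interpolated unchecked into `- name: {{ home }}/.ssh/{{ key_name }}`, the state ID and the `contents_pillar` path. A key containing `/` (for example a `../` prefix) would make `file.managed` create a user-owned file outside the `.ssh` directory, and a key containing `:` would break the colon-delimited pillar lookup. Pillar is normally operator-controlled, but a formula like this may also be fed from shared or external pillar sources, so the names are worth constraining at the loop, e.g. `{% for _key in user.ssh_keys.keys() if '/' not in _key and ':' not in _key %}`. Alternatively, render a failing state for a rejected name so the problem is visible rather than silently skipped. The `{% if 'ssh_keys' in user %}` block is inside a per-user context that starts outside this hunk.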
@@ -50,6 +50,9 @@ users: ssh_keys: privkey: PRIVATEKEY pubkey: PUBLICKEY + # you can provide multiple keys, the keyname is takes as filename + foobar: PRIVATEKEY + foobar.pub: PUBLICKEY # ... or you can pull them from a different pillar, # for example one called "ssh_keys": ssh_keys_pillar: From c78516f8e0db042e3c09a5cc39e3a31113ad882c Mon Sep 17 00:00:00 2001 From: Daniel Kraemer Date: Tue, 26 Sep 2017 14:49:45 +0200 Subject: [PATCH 3/4] i don't know what made me do this, maybe brainlag --- users/init.sls | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/users/init.sls b/users/init.sls index 099a8f0..a1bb4a0 100644 --- a/users/init.sls +++ b/users/init.sls @@ -178,7 +178,7 @@ user_keydir_{{ name }}: {% else %} {% set key_name = _key %} {% endif %} -users_{{ name }}_{{ key_name }}_private_key: +users_{{ name }}_{{ key_name }}_key: file.managed: - name: {{ home }}/.ssh/{{ key_name }} - user: {{ name }} @@ -191,19 +191,6 @@ users_{{ name }}_{{ key_name }}_private_key: {% for group in user.get('groups', []) %} - group: users_{{ name }}_{{ group }}_group {% endfor %} -users_{{ name }}_{{ key_name }}_public_key: - file.managed: - - name: {{ home }}/.ssh/{{ key_name }} - - user: {{ name }} - - group: {{ user_group }} - - mode: 644 - - show_diff: False - - contents_pillar: users:{{ name }}:ssh_keys:{{ _key }} - - require: - - user: users_{{ name }}_user - {% for group in user.get('groups', []) %} - - group: users_{{ name }}_{{ group }}_group - {% endfor %} {% endfor %} {% endif %} From d8d20176295f88489a50d8b5091582ac4e5006ab Mon Sep 17 00:00:00 2001 From: Daniel Kraemer Date: Thu, 28 Sep 2017 08:22:25 +0200 Subject: [PATCH 4/4] adjust file permissions of public ssh-keys --- pillar.example | 3 ++- users/init.sls | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/pillar.example b/pillar.example index 6f65d95..b0024d2 100644 --- a/pillar.example +++ b/pillar.example 
@@ -50,7 +50,8 @@ users: ssh_keys: privkey: PRIVATEKEY pubkey: PUBLICKEY - # you can provide multiple keys, the keyname is takes as filename + # you can provide multiple keys, the keyname is taken as filename + # make sure your public keys suffix is .pub foobar: PRIVATEKEY foobar.pub: PUBLICKEY # ... or you can pull them from a different pillar, diff --git a/users/init.sls b/users/init.sls index a1bb4a0..96d733e 100644 --- a/users/init.sls +++ b/users/init.sls @@ -183,7 +183,11 @@ users_{{ name }}_{{ key_name }}_key: - name: {{ home }}/.ssh/{{ key_name }} - user: {{ name }} - group: {{ user_group }} + {% if key_name.endswith(".pub") %} + - mode: 644 + {% else %} - mode: 600 + {% endif %} - show_diff: False - contents_pillar: users:{{ name }}:ssh_keys:{{ _key }} - require:
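Review bot: The mode in the `users/init.sls` hunk is chosen from the file name alone, so any pillar value stored under a key ending in `.pub` is written with `644` whatever it contains. The `{% else %}` default of `600` fails closed, which is the right direction, but a private key pasted under a `*.pub` name would become readable to anyone who can traverse the `.ssh` directory, whose mode is set outside this hunk. A content check on the same line closes that gap: `{% if key_name.endswith(".pub") and 'PRIVATE KEY' not in user.ssh_keys[_key] %}`. As a style point, writing the modes as quoted strings (`- mode: '0644'` / `- mode: '0600'`) avoids relying on YAML integer parsing. The state body continues past the end of the hunk.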