Defined Type: ssh::userkey

Defined in:
modules/ssh/manifests/userkey.pp

Overview

Examples:

Examples


ssh::userkey { 'john'
  ensure => present,
  source => 'puppet:///files/admin/ssh/john-rsa',
}

Parameters:

  • ensure (Wmflib::Ensure) (defaults to: present)

    If 'present', config will be enabled; if 'absent', disabled. The default is 'present'.

  • user (String[1]) (defaults to: $title)

    The user key to configure defaults to title

  • content (Optional[String[1]]) (defaults to: undef)

    If defined, will be used as the content of the configuration file. Undefined by default. Mutually exclusive with 'source'.

  • source (Optional[Stdlib::Filesource]) (defaults to: undef)

    Path to file containing configuration directives. Undefined by default. Mutually exclusive with 'content'.

  • skey (Optional[String[1]]) (defaults to: undef)

    If defined, a supplemental key for a user will be defined. The key will be stored in a file named $user.d/skey. $useruser.d will be created as well if it is not already defined. You probably don't want to use this for most cases.



34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
# File 'modules/ssh/manifests/userkey.pp', line 34

define ssh::userkey(
  Wmflib::Ensure               $ensure  = present,
  String[1]                    $user    = $title,
  Optional[String[1]]          $skey    = undef,
  Optional[Stdlib::Filesource] $source  = undef,
  Optional[String[1]]          $content = undef,

) {
    if $skey {
        if !defined(File["/etc/ssh/userkeys/${user}.d/"]) {
            file { "/etc/ssh/userkeys/${user}.d/":
                ensure => directory,
                force  => true,
                owner  => 'root',
                group  => 'root',
                mode   => '0755',
            }
        }
        $path = "/etc/ssh/userkeys/${user}.d/${skey}"
    } else {
        $path = "/etc/ssh/userkeys/${user}"
    }

    file { $path:
        ensure    => stdlib::ensure($ensure, 'file'),
        force     => true,
        owner     => 'root',
        group     => 'root',
        mode      => '0444', # sshd drops perms before trying to read public keys
        content   => $content,
        source    => $source,
        show_diff => false,
    }
}