Puppet Function: ssh::ssh_sign_host_certificate

Defined in:
modules/ssh/lib/puppet/functions/ssh/ssh_sign_host_certificate.rb
Function type:
Ruby 4.x API

Overview

ssh::ssh_sign_host_certificate(String[1] $pubkey, Array[Stdlib::Host] $names)Any

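Signs the SSH host public key given in `pubkey` with the CA key at /etc/ssh/ca and returns the text of the resulting host certificate. The certificate lists `names` as its principals and is valid for six weeks from the time of signing.

SPDX-License-Identifier: Apache-2.0 (the source file also carries the `frozen_string_literal: true` magic comment).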

Parameters:

  • pubkey (String[1])
  • names (Array[Stdlib::Host])

Returns:

  • (Any)


# File 'modules/ssh/lib/puppet/functions/ssh/ssh_sign_host_certificate.rb', line 4

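# Signs an SSH host public key with the local SSH certificate authority and
# returns the text of the resulting host certificate.
#
# The function reads /etc/ssh/ca-key-id.txt and has ssh-keygen sign with
# /etc/ssh/ca, so both files must exist on the machine that evaluates it.
#
# NOTE(review): whoever controls the arguments obtains a CA-signed host
# certificate for `names`. Callers should build `names` from data the
# compiling machine trusts (for example the node's authenticated certname)
# rather than from values a node reports about itself. Confirm this at the
# call sites, which are not visible here.
Puppet::Functions.create_function(:'ssh::ssh_sign_host_certificate') do
  # @param pubkey contents of the host's SSH public key file
  # @param names host names or addresses to list as certificate principals
  # @return [String] contents of the generated certificate file
  dispatch :ssh_sign_host_certificate do
    param 'String[1]', :pubkey
    param 'Array[Stdlib::Host]', :names
  end

  def ssh_sign_host_certificate(pubkey, names)
    # Array[Stdlib::Host] also admits an empty array. OpenSSH treats a
    # certificate without principals as valid for any host name, so refuse
    # here with a clear message instead of handing ssh-keygen an empty `-n`.
    raise ArgumentError, 'ssh::ssh_sign_host_certificate: names must not be empty' if names.empty?

    # Strip surrounding whitespace (typically the file's final newline) so it
    # does not become part of the certificate's key identity.
    key_id = File.read('/etc/ssh/ca-key-id.txt').strip

    # The scratch directory and everything in it is removed when the block
    # exits, whether signing succeeded or raised.
    Dir.mktmpdir('puppet-sshhostkey') do |tmp_path|
      pubkey_file = File.join(tmp_path, 'key.pub')
      # ssh-keygen writes the certificate next to the input key, replacing
      # the '.pub' suffix with '-cert.pub'.
      cert_file = File.join(tmp_path, 'key-cert.pub')

      File.write(pubkey_file, pubkey)

      # Passed as an argument array, so the key id and names reach ssh-keygen
      # as single arguments and are not interpreted by a shell.
      # NOTE(review): no serial number (-z) is requested, so revocation has to
      # go by key or key id rather than by serial.
      Puppet::Util::Execution.execute([
        '/usr/bin/ssh-keygen',
        '-s', '/etc/ssh/ca',
        '-I', key_id,
        '-h',  # sign host keys
        '-n', names.join(','),
        '-V', '+6w', # valid from now for six weeks
        pubkey_file
      ])

      File.read(cert_file)
    end
  end
end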