You'll need to generate keys for distribution, automating this somehow by calling out to ssh-keygen I presume.

Regards,
AJ

2008/9/12 Kenneth Holter <[EMAIL PROTECTED]>
>
> I've gotten Puppet to distribute server A's public SSH key on some of the
> nodes in the network. For password-less login to work, the nodes' host key
> must be saved on server A.
>
> Is there a security reason for not automating this process (if possible),
> i.e. automating the process of retrieving the nodes' host key and importing
> them into server A's known hosts file? And is there a way to get puppet to do
> this using the built in types of version 0.24.4 (I know there is a sshkey
> type, but I'm not quite sure how this works)?
>
>
> Regards,
> Kenneth Holter
>
> On 9/11/08, Francois Deppierraz <[EMAIL PROTECTED]> wrote:
>>
>> Kenneth Holter wrote:
>>
>> > But does this resource type manage the distribution of SSH public keys
>> > for setup of password-less login? If so, could you please provide a
>> > sample code for distributing the SSH public key for a server A?
>>
>> No, the sshkey type only manages host key (i.e. /etc/ssh/ssh_known_hosts).
>>
>> You can use ssh_authorized_key available since puppet 0.24.5 to do what
>> you want.
>>
>> Example:
>>
>> ssh_authorized_key{"[EMAIL PROTECTED] on root":
>>   ensure => present,
>>   type => "rsa",
>>   key => "AAAAA.......",
>>   user => "root",
>> }
>>
>> By the way, you still need a way to generate the SSH key private key
>> beforehand.
>>
>> François
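
The host-key question raised in the thread can be handled with the sshkey type by having each node publish its own host key through Puppet instead of having server A fetch keys over the network. The manifest below is an added example, not code from the thread or from the Puppet project. It assumes storeconfigs is enabled on the puppetmaster and that Facter provides the `fqdn` and `sshrsakey` facts; the class names and the tag are hypothetical.

```puppet
# Added example. Class names and the tag value are hypothetical; exported
# resources require storeconfigs on the puppetmaster.

# Applied on every node that server A logs in to.
class ssh_hostkeys::export {
  # $fqdn and $sshrsakey are Facter facts. The key is read locally from the
  # node's own host key file and travels over the node's
  # certificate-authenticated Puppet connection, not an SSH scan.
  @@sshkey { $fqdn:
    ensure => present,
    type   => 'ssh-rsa',
    key    => $sshrsakey,
    tag    => 'server_a_known_hosts',
  }
}

# Applied on server A only.
class ssh_hostkeys::collect {
  # Realize every exported host key into /etc/ssh/ssh_known_hosts.
  Sshkey <<| tag == 'server_a_known_hosts' |>>

  # Remove known-hosts entries that are not in the catalog, for example
  # ones added by hand or accepted interactively on first connect.
  resources { 'sshkey':
    purge => true,
  }
}
```

Facts are self-reported, so this trusts each node to state its own name and key; what it avoids is accepting host keys from an unauthenticated network lookup.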