Sorry, Sandra, I started to add a comment at the bottom with usage, but apparently I never saved it. Although the script can do user keys as well, this just addresses host keys. I have a cron script that generates the known hosts file as well:

0,10,20,30,40,50 * * * * /tr01/scripts/sshkeys.pl --genknownhosts

The script will either retrieve the key if it already exists, or generate a new one if it doesn't. $ccbp_realname is just the fqdn.

class ssh::server::rh {
    # generate() runs sshkeys.pl on the puppet master at compile time;
    # --private returns the private half, otherwise the public key.
    $rsahostkey = generate("$pm_scripts/sshkeys.pl", "--private", "--rsa", "--host", "$ccbp_realname")
    $rsahostkeypub = generate("$pm_scripts/sshkeys.pl", "--rsa", "--host", "$ccbp_realname")
    $dsahostkey = generate("$pm_scripts/sshkeys.pl", "--private", "--dsa", "--host", "$ccbp_realname")
    $dsahostkeypub = generate("$pm_scripts/sshkeys.pl", "--dsa", "--host", "$ccbp_realname")

    # Private keys: readable by root only. Modes are quoted so they stay
    # octal strings on newer Puppet versions.
    file { "/etc/ssh/ssh_host_rsa_key":
        content => $rsahostkey,
        mode    => '0400',
        owner   => root,
        group   => root,
    }

    file { "/etc/ssh/ssh_host_rsa_key.pub":
        content => $rsahostkeypub,
        mode    => '0444',
        owner   => root,
        group   => root,
    }

    file { "/etc/ssh/ssh_host_dsa_key":
        content => $dsahostkey,
        mode    => '0400',
        owner   => root,
        group   => root,
    }

    file { "/etc/ssh/ssh_host_dsa_key.pub":
        content => $dsahostkeypub,
        mode    => '0444',
        owner   => root,
        group   => root,
    }
}

On Fri, Aug 31, 2012 at 5:21 AM, Sandra Schlichting <littlesandr...@gmail.com> wrote:
> Hi Chad
>
>> Here is the script we use to do the same. I am not proud of all the
>> locking stuff. Not sure if it is necessary or not, but it works.
>> Just set $hostkeydir and $userkeydir for your environment, and it will
>> manage ssh host keys. It will also do user keys, but I didn't put
>> examples of that in the gist.
>>
>> git://gist.github.com/3534504.git
>
> It looks very impressive, but I can't really figure out how to use it.
>
> ~/ssh# ./sshkeys.pl --dsa --host=ttt.e.com --user=rrr --genknownhosts
> Unable to open lock file at ./sshkeys.pl line 239.
> ~/ssh# ./sshkeys.pl --dsa --host=ttt.e.com --user=rrr --genknownhosts --addauth
> Unknown option: addauth
>
> I have set
>
> our $hostkeydir = '/root/ssh/hostkeys';
> our $userkeydir = '/root/ssh/userkeys';
> our $known_hosts_copy = '/root/ssh/gen/ssh_known_hosts';
>
> If you could share the puppet module you use, it would be very helpful =)
>
> Hugs,
> Sandra
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/vR7zhEKP9FoJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.

--
Chad M. Huneycutt
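
The cron job in the message above rebuilds a known hosts file from the stored host keys. The following is an added example of that step, not code from sshkeys.pl or from the thread: it assumes a hypothetical layout of `<hostkeydir>/<fqdn>/ssh_host_<alg>_key.pub`, drops any key whose declared type does not match the algorithm name inside its base64 blob, and replaces the output file atomically. All function names and the sample keys are constructed for illustration.

```python
import base64
import os
import struct
import tempfile
from pathlib import Path

def key_type_in_blob(b64):
    """Return the algorithm name stored at the start of an SSH public key blob."""
    raw = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", raw[:4])
    name = raw[4:4 + n]
    if len(name) != n:
        raise ValueError("truncated key blob")
    return name.decode("ascii")

def build_known_hosts(hostkeydir):
    """Assumed layout: <hostkeydir>/<fqdn>/ssh_host_<alg>_key.pub"""
    lines = []
    for pub in sorted(Path(hostkeydir).glob("*/ssh_host_*_key.pub")):
        fields = pub.read_text().split()
        try:
            keytype, blob = fields[0], fields[1]
            if key_type_in_blob(blob) != keytype:
                continue  # declared type and blob disagree: skip the key
        except (IndexError, ValueError, struct.error):
            continue  # empty, truncated or non-base64 file
        lines.append(f"{pub.parent.name} {keytype} {blob}")
    return lines

def write_atomically(path, lines):
    """Write to a temp file and rename, so readers never see a partial file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    os.chmod(tmp, 0o644)
    os.replace(tmp, path)

def demo():
    """Constructed sample: one consistent key, one whose blob says ssh-dss."""
    def pub(declared, inner):
        blob = struct.pack(">I", len(inner)) + inner.encode() + b"\0" * 16
        return f"{declared} {base64.b64encode(blob).decode()} constructed\n"
    with tempfile.TemporaryDirectory() as d:
        for host, inner in (("web01.example.com", "ssh-rsa"), ("db01.example.com", "ssh-dss")):
            (Path(d) / host).mkdir()
            (Path(d) / host / "ssh_host_rsa_key.pub").write_text(pub("ssh-rsa", inner))
        out = os.path.join(d, "ssh_known_hosts")
        write_atomically(out, build_known_hosts(d))
        return Path(out).read_text().splitlines()
```

The atomic rename matters when a cron job rewrites the file every ten minutes while other processes read it.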