On Wed, Nov 28, 2012 at 1:50 PM, Jakov Sosic <jso...@srce.hr> wrote:
> On 11/26/2012 08:54 PM, Matt Zagrabelny wrote:
>> On Mon, Nov 26, 2012 at 1:47 PM, Jakov Sosic <jso...@srce.hr> wrote:
>>> Hi.
>>>
>>> I'm wondering is there a way to manage ssh servers, in a way that every
>>> machine has its own key?
>>
>> I've used the "private" file server mechanism to serve out node sensitive
>> files.
>
>
> Thank you for the idea. Now the only problem that is left is how to call a
> script to generate keys if files are not accessible in private section :-/
>
> I know one can do something like this:
>
> file { '/etc/ssh/ssh_host_rsa_key.pub':
>   ensure  => file,
>   mode    => '0644',
>   source  => [
>     'puppet:///private/etc/ssh/ssh_host_rsa_key.pub',
>     'puppet:///modules/sshd/ssh_host_rsa_key.pub',
>   ],
>   require => Package['openssh-server'],
>   notify  => Service['sshd'],
> }
>
> and put some blank default files in there, but I would much prefer to
> build the keys if they are not there, and I presume I need some puppet
> magic here :-/
>
> Any ideas?

Part of our server bootstrapping process is to copy over the ssh keys to
the puppetmaster after puppet has installed openssh-server.

As far as generating the keys, that should be pretty straightforward
using ssh-keygen.

-mz

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
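
Added example, not part of the original thread or of Puppet itself: one way to build a node's host key pair on the puppetmaster with ssh-keygen only when the private file area does not already hold one. The PRIVATE_ROOT/<fqdn>/etc/ssh layout (a per-host "private" mount), the function name ensure_host_key and the node names are assumptions.

```shell
#!/bin/sh
# Added example (assumed layout: PRIVATE_ROOT/<fqdn>/etc/ssh/ssh_host_<type>_key).
# Run as the user the puppetmaster runs as, so it can read what is created.
set -eu

# ensure_host_key PRIVATE_ROOT FQDN [TYPE]
# Prints "created" or "exists"; an existing key pair is never overwritten,
# so re-running it cannot silently change a host's identity.
ensure_host_key() {
    root=$1
    fqdn=$2
    ktype=${3:-rsa}

    # The node name becomes a path component: accept hostname characters only,
    # so a crafted name such as "../x" cannot escape PRIVATE_ROOT.
    case "$fqdn" in
        ''|.*|*[!A-Za-z0-9.-]*) echo "invalid node name: $fqdn" >&2; return 2 ;;
    esac
    case "$ktype" in
        rsa|ecdsa|ed25519) ;;
        *) echo "unsupported key type: $ktype" >&2; return 2 ;;
    esac

    dir="$root/$fqdn/etc/ssh"
    key="$dir/ssh_host_${ktype}_key"

    if [ -s "$key" ] && [ -s "$key.pub" ]; then
        echo exists
        return 0
    fi

    # Subshell with umask 077: the private key and its directories are never
    # group- or world-readable, not even between creation and a later chmod.
    (
        umask 077 &&
        mkdir -p "$dir" &&
        rm -f "$key" "$key.pub" &&   # clear a half-written pair
        ssh-keygen -q -t "$ktype" -N '' -C "root@$fqdn" -f "$key" &&
        chmod 0644 "$key.pub"
    ) || return 1
    echo created
}

# Stand-alone use: script.sh PRIVATE_ROOT FQDN [TYPE]
if [ "$#" -ge 2 ]; then
    ensure_host_key "$@"
fi
```

The two-source file resource quoted above can then stay as it is: once the pair exists under the node's private directory, the first source matches and the module default is never used.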