cookbook 'ama-ssh-private-keys', '= 0.2.0'
ama-ssh-private-keys (5) Versions 0.2.0 Follow1
Manages SSH private keys
cookbook 'ama-ssh-private-keys', '= 0.2.0', :supermarket
knife supermarket install ama-ssh-private-keys
knife supermarket download ama-ssh-private-keys
Cookbook ama-ssh-private-keys
This cookbook allows end user to install private keys for specified
accounts.
Cookbook provides self-explanatory ssh_private_key
resource:
ssh_private_key 'id_rsa' do user 'jodie' content '-----BEGIN PRIVATE KEY-----...' end
This will save provided key as {jodie's home}/.ssh/id_rsa
with mode
0600
.
Cookbook also exposes default
recipe that will take all items from
data bag with name specified as [ama][ssh-private-keys][data-bag]
attribute (ssh-private-keys
by default) and simply pass them to
resource.
If you want to use automatic public key generation and/or validation,
additional information is specified below.
Eye-catching warning: if you are using this cookbook, you're
quite certainly working with keys providing some sensitive access.
Ensure and double check that you minimize risk of exposure of your
keys as much as possible. This cookbook, on it's behalf, tries to do
the same.
Requirements
- Chef 12+
- Ruby 2.3.0+
- Installed and available on $PATH ssh-keygen binary for validation and public key generation (disabled by default)
Tested against
- Debian 7.3+
- Ubuntu 14.04+
- Centos 6.0+
- Fedora 24+
Generally internals are very simple, so it should run anywhere.
Full resource specification
ssh_private_key 'hackerman:default' do id 'id_rsa' # name_property user 'hackerman' # required type 'ssh-rsa' # ssh-(rsa|dss|ed25519), ecdsa-sha2-nistp(256|384|521) content '' # required parent_directory '/workspace' mode '0600' # optional, required for validation / public key creation passphrase '2018' # optional, required for public key creation comment 'hack-the-time' install_public_key true # defaults to false public_key_mode '0644' public_key_suffix '.pub' # if not specified, public key will be derived from private key # using ssh-keygen public_key '' perform_validation true # defaults to false action :create # :create/install, :delete/remove end
If install_public_key
is set to true, resource will create public key
file next to private key file. If public key is not supplied, it will
be derived from private key (passphrase may be needed to do so).
If perform_validation
is set to true, internal validator will make
following assertions before any file will be installed:
- Public key may be derived from supported private key
- If public key is provided, it matches generated public key
- If key type is provided, it matches type recovered by ssh-keygen
All not-safe-for-exposure resource properties are declared as sensitive
and won't appear in logs. Private keys are written to temporary files
(mode 0600) for validation / public key derivation which are erased
using ensure
blocks - only newer ssh-keygen versions accept stdin
for reading.
Licensing
MIT License / AMA Team
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog
and this project adheres to Semantic Versioning.
[0.2.0] - 2017-06-30
Changed
- [BC] Revamped resource specification, now it has different fields and may generate public key itself.
[0.1.1] - 2017-06-23
Changed
- Fixed two bugs preventing default recipe from normal execution
[0.1.0] - 2017-06-20
Added
- Initial implementation
Collaborator Number Metric
0.2.0 failed this metric
Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.2.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
License Metric
0.2.0 passed this metric
Testing File Metric
0.2.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.2.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.2.0 failed this metric
0.2.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
License Metric
0.2.0 passed this metric
Testing File Metric
0.2.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.2.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.2.0 passed this metric
0.2.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.2.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.2.0 failed this metric