ssh_authorized_keys (5) Versions 0.4.0

Creates SSH authorized keys files in user home directories.

Policyfile:
  cookbook 'ssh_authorized_keys', '= 0.4.0', :supermarket

Berkshelf:
  cookbook 'ssh_authorized_keys', '= 0.4.0'

Knife:
  knife supermarket install ssh_authorized_keys
  knife supermarket download ssh_authorized_keys

Quality: 67%

SSH Authorized Keys Cookbook

Chef cookbook to create SSH authorized keys files in user home directories.

Tries to avoid generating a corrupt file that could render your server inaccessible.

Requirements

Supported Platforms

This cookbook has been tested on the following platforms:

  • AIX
  • Amazon Linux
  • Debian
  • CentOS
  • Fedora
  • FreeBSD
  • openSUSE
  • RedHat
  • SUSE
  • Ubuntu

Please let us know if you use it successfully on any other platform.

Required Applications

  • Chef 12 or higher.
  • Ruby 2.3 or higher.

Definitions

ssh_authorize_key

Authorize a key for public key authentication using SSH.

Warning: This definition uses the Accumulator Pattern. This implies that any SSH key added using other methods (such as keys added by hand) will be deleted.
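
Because keys added by other methods are deleted, it helps to list what would be lost before the first converge. The following is an added example, not part of the cookbook: a Ruby script that parses an existing authorized_keys file and reports entries whose key blob is not in the managed set. The key type list, helper names and sample file contents are assumptions constructed for illustration.

```ruby
# Key type names accepted in this example (an assumption; the cookbook
# computes its own list in node['ssh_authorized_keys']['keytypes']).
KEY_TYPES = %w[ssh-rsa ssh-dss ssh-ed25519 ecdsa-sha2-nistp256
               ecdsa-sha2-nistp384 ecdsa-sha2-nistp521].freeze

# The options field ends at the first whitespace outside double quotes;
# a backslash-escaped quote inside a value does not close it.
def split_options(line)
  quoted = escaped = false
  line.each_char.with_index do |ch, i|
    if escaped then escaped = false
    elsif ch == '\\' then escaped = true
    elsif ch == '"' then quoted = !quoted
    elsif !quoted && ch =~ /\s/
      return [line[0...i], line[i..-1].lstrip]
    end
  end
  [line, '']
end

# Returns nil for blank lines, comments and lines without a known key type.
def parse_entry(line)
  line = line.strip
  return nil if line.empty? || line.start_with?('#')
  options = nil
  first = line.split(/\s+/, 2).first
  options, line = split_options(line) unless KEY_TYPES.include?(first)
  keytype, blob, comment = line.split(/\s+/, 3)
  return nil unless KEY_TYPES.include?(keytype) && blob
  { options: options, keytype: keytype, blob: blob, comment: comment }
end

# Entries present in the file whose blob is not declared in Chef.
def unmanaged_entries(text, managed_blobs)
  text.each_line.map { |l| parse_entry(l) }.compact
      .reject { |e| managed_blobs.include?(e[:blob]) }
end

# Constructed sample file; the blobs are placeholders, not real keys.
SAMPLE_FILE = <<~'EOS'
  # constructed sample
  ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIManagedPlaceholder bob@acme.com
  command="echo \"use bob\"; sleep 10",no-pty ssh-rsa AAAAB3NzaC1yc2EHandAddedPlaceholder added by hand
EOS
```

Pass the file contents and the list of key values declared in your recipes or data bag to unmanaged_entries; anything it returns should be added to Chef or deliberately retired before the cookbook manages that user.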

ssh_authorize_key Parameters

| Parameter | Default | Description |
|---|---|---|
| user | nil | System user (required). |
| group | user | System group. |
| home | calculated | System user home path. |
| key | nil | SSH public key in base64 (required). |
| keytype | 'ssh-rsa' | SSH key type. |
| comment | definition name | SSH key comment. |
| options | nil | SSH key options as a hash. |
| validate_key | true | Enable/Disable assert_key |

Usage Examples

First of all, don't forget to include the ssh_authorized_keys cookbook as a dependency in the cookbook metadata:

# metadata.rb
# [...]

depends 'ssh_authorized_keys'

You can use the ssh_authorize_key definition to authorize SSH public keys for public key authentication:

# Bob is the admin here.

ssh_authorize_key 'bob@acme.com' do
  key 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCctNyRouVDhzjiP[...]'
  user 'root'
end

ssh_authorize_key 'alice@acme.com' do
  key 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCySLKbpFRGCrKU/[...]'
  user 'alice'
end

Setting the SSH Key Options Field

You can set the options field as follows:

# As the root user by default in ubuntu:
ssh_authorize_key 'bob@acme.com' do
  key 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCctNyRouVDhzjiP[...]'
  user 'root'
  options(
    'no-port-forwarding' => true,
    'no-agent-forwarding' => true,
    'no-X11-forwarding' => true,
    command:
      'echo \'Please login as the user "bob" rather than the user "root".\''\
      ';echo;sleep 10'
  )
end
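
An added example, not the cookbook's own code: a Ruby helper showing how an options hash like the one above maps onto the options field of an authorized_keys line, with the checks that keep a bad entry from corrupting the file (the key decodes as base64, the key type embedded in the blob matches keytype, no field contains a line break). The helper names and the sample key are assumptions constructed here, and the checks are not claimed to match the cookbook's assert_key.

```ruby
require 'base64'

# Hypothetical helpers for illustration; not the cookbook's implementation.

# A public key blob starts with a length-prefixed key type name
# (uint32 big-endian length, then the ASCII name).
def embedded_keytype(key_b64)
  blob = Base64.strict_decode64(key_b64) # ArgumentError on invalid base64
  len = blob.unpack('N').first
  if len.nil? || len.zero? || blob.bytesize < 4 + len
    raise ArgumentError, 'truncated or malformed key blob'
  end
  blob.byteslice(4, len)
end

# true => bare flag, false/nil => omitted, anything else => name="value"
# with embedded double quotes backslash-escaped, as sshd expects.
def render_options(options)
  (options || {}).map do |name, value|
    next if value.nil? || value == false
    next name.to_s if value == true
    escaped = value.to_s.gsub('"') { '\\"' }
    "#{name}=\"#{escaped}\""
  end.compact.join(',')
end

def authorized_keys_line(key:, keytype: 'ssh-rsa', comment: nil, options: nil)
  actual = embedded_keytype(key)
  unless actual == keytype
    raise ArgumentError, "blob says #{actual.inspect}, expected #{keytype}"
  end
  line = [render_options(options), keytype, key, comment]
         .reject { |f| f.nil? || f.empty? }.join(' ')
  # A CR/LF in any field would split the entry and smuggle in a second line.
  raise ArgumentError, 'line break in field' if line =~ /[\r\n]/
  line
end

# Constructed sample key: valid framing, dummy key material.
SAMPLE_KEY = Base64.strict_encode64(
  [11].pack('N') + 'ssh-ed25519' + [32].pack('N') + ("\x01" * 32)
)
```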

Reading the Keys from a Data Bag

For example, from the following data bag item:

{
  "id": "users",
  "bob@acme.com": {
    "key": "AAAAB3NzaC1yc2EAAAADAQABAAABAQCctNyRouVDhzjiP[...]",
    "user": "root"
  },
  "alice@acme.com": {
    "key": "AAAAB3NzaC1yc2EAAAADAQABAAABAQCySLKbpFRGCrKU/[...]",
    "user": "alice"
  }
}

You can read the data bag item from a recipe as follows:

users = data_bag_item('ssh', 'users')
users.delete('id')

users.each do |name, ssh_key|
  ssh_authorize_key name do
    key ssh_key['key']
    user ssh_key['user']
  end
end

See the data bags DSL documentation for a more detailed explanation and the data bags knife documentation to learn how to create a data bag.

Attributes

These attributes are primarily intended to support the different platforms. Do not touch them unless you know what you are doing.

| Attribute | Default | Description |
|---|---|---|
| node['ssh_authorized_keys']['keytypes'] | calculated | Allowed SSH key types. |

Testing

See TESTING.md.

ChefSpec Tests

To create ChefSpec tests for the ssh_authorize_key definition, you can use the render_file matcher to check the authorized_keys file content:

it 'allows bob to login as root' do
  expect(chef_run).to render_file('/root/.ssh/authorized_keys')
    .with_content(/^ssh-rsa [A-Za-z0-9+\/=]+ bob@acme\.com$/)
end

You can also test against the internal template:

it 'creates ~bob/.ssh/authorized_keys file' do
  expect(chef_run).to create_template('/home/bob/.ssh/authorized_keys')
end

Contributing

Please do not hesitate to open an issue with any questions or problems.

See CONTRIBUTING.md.

TODO

See TODO.md.

License and Author

Author: Raul Rodriguez (raul@onddo.com)
Author: Xabier de Zuazo (xabier@zuazo.org)
Contributor: Ong Ming Yang
Contributor: MVNW
Contributor: Anthony Caiafa
Copyright: Copyright (c) 2015-2016, Xabier de Zuazo
Copyright: Copyright (c) 2015, Onddo Labs, SL.
License: Apache License, Version 2.0
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

CHANGELOG for ssh_authorized_keys

All notable changes to the ssh_authorized_keys Chef cookbook will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

0.4.0 - 2017-06-12

Added

Removed

  • Drop Ruby < 2.3 support.
  • Drop Chef < 12 support.

Documentation Changes

  • README:
    • Add documentation badge.
    • Fix Parameters table.
  • Add GitHub templates.
  • CHANGELOG: Follow "Keep a CHANGELOG".

0.3.0 - 2015-08-14

Fixed

  • Use gid from Etc.getpwnam (issue #3, thanks Ong Ming Yang).
  • Recursively create .ssh directory if it does not exist (issue #4, thanks Ong Ming Yang).
  • Update chef links to use chef.io domain.
  • Update contact information and links after migration.

0.2.0 - 2015-05-27

Added

  • Add openSUSE as supported platform.

Fixed

0.1.0 - 2015-01-11

  • Initial release of ssh_authorized_keys.

Collaborator Number Metric
            

0.4.0 failed this metric

Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

0.4.0 passed this metric

Foodcritic Metric
            

0.4.0 passed this metric

No Binaries Metric
            

0.4.0 failed this metric

Failure: Cookbook should not contain binaries. Found:

Testing File Metric
            

0.4.0 passed this metric

Version Tag Metric
            

0.4.0 passed this metric