Creates SSH authorized keys files in user home directories.
cookbook 'ssh_authorized_keys', '~> 1.0.0', :supermarket
knife supermarket install ssh_authorized_keys
knife supermarket download ssh_authorized_keys
SSH Authorized Keys Cookbook
Chef cookbook to create SSH authorized keys files in user home directories.
Tries to avoid generating a corrupt file that could render your server inaccessible.
Requirements
Supported Platforms
This cookbook has been tested on the following platforms:
- AIX
- Amazon Linux
- Debian
- CentOS
- Fedora
- FreeBSD
- openSUSE
- Oracle
- RedHat
- SUSE
- Ubuntu
Please let us know if you use it successfully on any other platform.
Required Applications
- Chef 14 or higher.
- Ruby 2.5 or higher.
Definitions
ssh_authorize_key
Authorize a key for public key authentication using SSH.
Warning: This definition uses the Accumulator Pattern. This implies that any SSH key added using other methods (such as keys added by hand) will be deleted.
ssh_authorize_key Properties
Property | Default | Description
---|---|---
user | nil | System user (required).
group | user | System group.
home | calculated | System user home path.
key | nil | SSH public key in base64 (required).
keytype | 'ssh-rsa' | SSH key type.
comment | definition name | SSH key comment.
options | nil | SSH key options as a hash.
validate_key | true | Enable/disable assert_key.
Usage Examples
First of all, don't forget to include the ssh_authorized_keys cookbook as a dependency in the cookbook metadata:

```ruby
# metadata.rb
# [...]
depends 'ssh_authorized_keys'
```

You can use the ssh_authorize_key definition to authorize SSH public keys to use SSH public key authentication:

```ruby
# Bob is the admin here.
ssh_authorize_key 'bob@acme.com' do
  key 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCctNyRouVDhzjiP[...]'
  user 'root'
end

ssh_authorize_key 'alice@acme.com' do
  key 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCySLKbpFRGCrKU/[...]'
  user 'alice'
end
```
Setting the SSH Key Options Field
You can set the options field as follows:

```ruby
# As the root user by default in ubuntu:
ssh_authorize_key 'bob@acme.com' do
  key 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCctNyRouVDhzjiP[...]'
  user 'root'
  options(
    'no-port-forwarding' => true,
    'no-agent-forwarding' => true,
    'no-X11-forwarding' => true,
    command: 'echo \'Please login as the user "bob" rather than the user "root".\''\
             ';echo;sleep 10'
  )
end
```
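The key validation behind validate_key and the rendering of the options hash, as an added example that is not the cookbook's own code: it builds one authorized_keys line from the same inputs ssh_authorize_key takes and rejects a key whose base64 blob is truncated or whose embedded type does not match keytype, which is the kind of corrupt entry the cookbook's validation exists to keep out of the file. The sample key is constructed (not a real key) and the function names are assumptions of this example.

```ruby
require 'base64'

# Constructed sample (not a real key): wire-format "ssh-ed25519" type string
# followed by a 32-byte all-zero public-key field, base64-encoded.
SAMPLE_ED25519 = Base64.strict_encode64([11, 'ssh-ed25519', 32].pack('Na11N') + ("\x00" * 32))

# Splits an SSH public-key blob into its length-prefixed string fields;
# returns nil when a length runs past the end of the blob (truncated key).
def ssh_blob_fields(blob)
  fields = []
  pos = 0
  while pos < blob.bytesize
    return nil if blob.bytesize - pos < 4
    len = blob.byteslice(pos, 4).unpack1('N')
    pos += 4
    return nil if blob.bytesize - pos < len
    fields << blob.byteslice(pos, len)
    pos += len
  end
  fields
end

# True only if the base64 decodes cleanly, every field is complete, and the
# type embedded in the blob matches the declared keytype.
def valid_ssh_key?(keytype, key)
  return false unless key.is_a?(String) && key.match?(%r{\A[A-Za-z0-9+/]+=*\z})
  fields = ssh_blob_fields(Base64.strict_decode64(key))
  !fields.nil? && fields.first == keytype
rescue ArgumentError
  false
end

# Renders the options hash the way sshd reads it: a bare flag for true values,
# name="value" otherwise, with embedded double quotes backslash-escaped.
def render_options(options)
  return nil if options.nil? || options.empty?
  options.map do |name, value|
    value == true ? name.to_s : %(#{name}="#{value.to_s.gsub('"') { '\"' }}")
  end.join(',')
end

# Assembles "options keytype key comment"; with validate_key it raises instead
# of emitting a malformed line, mirroring the definition's validate_key flag.
def authorized_keys_line(key:, comment:, keytype: 'ssh-rsa', options: nil, validate_key: true)
  if validate_key && !valid_ssh_key?(keytype, key)
    raise ArgumentError, "#{comment}: not a valid #{keytype} public key"
  end
  [render_options(options), keytype, key, comment].compact.join(' ')
end
```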
Reading the Keys from a Data Bag
For example, from the following data bag item:

```json
{
  "id": "users",
  "bob@acme.com": {
    "key": "AAAAB3NzaC1yc2EAAAADAQABAAABAQCctNyRouVDhzjiP[...]",
    "user": "root"
  },
  "alice@acme.com": {
    "key": "AAAAB3NzaC1yc2EAAAADAQABAAABAQCySLKbpFRGCrKU/[...]",
    "user": "alice"
  }
}
```

You can read the data bag item from a recipe as follows:

```ruby
users = data_bag_item('ssh', 'users')
users.delete('id')
users.each do |name, ssh_key|
  ssh_authorize_key name do
    key ssh_key['key']
    user ssh_key['user']
  end
end
```
See the data bags DSL documentation for a more detailed explanation and the data bags knife documentation to learn how to create a data bag.
Attributes
These attributes are primarily intended to support the different platforms. Do not touch them unless you know what you are doing.
Attribute | Default | Description
---|---|---
node['ssh_authorized_keys']['keytypes'] | calculated | Allowed SSH key types.
Testing
See TESTING.md.
ChefSpec Tests
To create ChefSpec tests for the ssh_authorize_key definition, you can use the render_file matcher to check the authorized_keys file content:

```ruby
it 'allows bob to login as root' do
  expect(chef_run).to render_file('/root/.ssh/authorized_keys')
    .with_content(/^ssh-rsa [A-Za-z0-9+\/=]+ bob@acme\.com$/)
end
```

You can also test against the internal template:

```ruby
it 'creates ~bob/.ssh/authorized_keys file' do
  expect(chef_run).to create_template('/home/bob/.ssh/authorized_keys')
end
```
Contributing
Please do not hesitate to open an issue with any questions or problems.
See CONTRIBUTING.md.
TODO
See TODO.md.
License and Author
Author: | Raul Rodriguez (raul@onddo.com) |
Author: | Xabier de Zuazo (xabier@zuazo.org) |
Contributor: | Ong Ming Yang |
Contributor: | MVNW |
Contributor: | Anthony Caiafa |
Contributor: | Benjamin M. Hughes |
Contributor: | Corey Hemminger |
Copyright: | Copyright (c) 2015-2016, Xabier de Zuazo |
Copyright: | Copyright (c) 2015, Onddo Labs, SL. |
License: | Apache License, Version 2.0 |
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Dependent cookbooks
This cookbook has no specified dependencies.
CHANGELOG for ssh_authorized_keys
All notable changes to the ssh_authorized_keys Chef cookbook will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
1.0.0 - 2020-08-09
Added
- Chef 16 support (issues #15 and #16, thanks Benjamin M. Hughes and Corey Hemminger).
- Included Oracle support.
Removed
- Drop Ruby < 2.5 support.
- Drop Chef < 14 support.
Documentation Changes
- README: Fix broken badges
0.4.0 - 2017-06-12
Added
- Adding ability to disable assert (issue #6, thanks Anthony Caiafa).
- Allowing direct key injection (issue #7, thanks Anthony Caiafa).
- Add AIX as supported platform (issue #8, thanks Mike Veltman).
- metadata: Add chef_version.
Removed
- Drop Ruby < 2.3 support.
- Drop Chef < 12 support.
Documentation Changes
- README:
- Add documentation badge.
- Fix Parameters table.
- Add GitHub templates.
- CHANGELOG: Follow "Keep a CHANGELOG".
0.3.0 - 2015-08-14
Fixed
- Use gid from Etc.getpwnam (issue #3, thanks Ong Ming Yang).
- Recursively create .ssh directory if it does not exist (issue #4, thanks Ong Ming Yang).
- Update chef links to use chef.io domain.
- Update contact information and links after migration.
0.2.0 - 2015-05-27
Added
- Add openSUSE as supported platform.
Fixed
- Sort keys always in the same order (issue #2, thanks to Chris Burroughs for the idea).
0.1.0 - 2015-01-11
- Initial release of ssh_authorized_keys.
Collaborator Number Metric
1.0.0 failed this metric
Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
1.0.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
1.0.0 passed this metric
No Binaries Metric
1.0.0 passed this metric
Testing File Metric
1.0.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.0.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number