
Goal

For testing, we want this to work: ssh $USER@localhost.

  1. create rsa keypair in ~/.ssh/, if not already there
  2. add .ssh/id_rsa.pub to .ssh/authorized_keys, if not already in this file.

Question

How to do this with salt-stack?

guettli

1 Answer


State:

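    generate_ssh_key_my_user:
      cmd.run:
        # -N '' creates the key without a passphrase (test use only)
        - name: ssh-keygen -q -N '' -f /home/my_user/.ssh/id_rsa
        - runas: my_user
        # Skip key generation when the private key already exists
        - unless: test -f /home/my_user/.ssh/id_rsa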

State for authorized_key:

    # State ID is a hypothetical name; any unique ID works
    authorize_ssh_key_my_user:
      ssh_auth.present:
        - user: my_user
        # Assumes a user state with the ID my_user is defined elsewhere
        - require:
          - user: my_user
        - names:
          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGt6eIzilRygebgpzpRwVgja7NbXrGHgG7QbIxOhSUpwmuzJ7nHELrbbA9z+CyTFZwRtpr27OQDv7L8ox5Wp6iCFxyb5Y8sVC8vyYNoFPTfMz4qtgf0xXZRDAzzkeczuMqQubnJtanxhR7t9H2RBSxLvZkqD18O/GekCXBmR43yrBi03rVHcvumTW6m5Kg5qihq/adhVQDutiCp3ICq/blahbasd my_user@

That ssh-rsa is your generated .pub key.

Danila Ladner
  • The first part ("generate_ssh_key_my_user:") looks good. But: In my environment, I can't add the created ssh-rsa key to a sls file. This is an automated system which creates a lot of ssh-keys (for testing). Is there a different way to solve the second part? – guettli Oct 25 '16 at 14:16
  • My question on how to do this without putting the ssh-rsa into a sls file is still open. But I give you the bounty. Thank you for answering the first part of the question. – guettli Nov 01 '16 at 08:57
  • I will look into the second part. Sorry was busy at work. – Danila Ladner Nov 01 '16 at 16:17
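
One way to handle the second step of the question without embedding the key in an SLS file, as an added example that is not part of the original answer or comments: append the public key that already exists on the minion, and skip the append when that exact line is present. It assumes the user my_user, the paths under /home/my_user and the generate_ssh_key_my_user state from the answer above; the state IDs authorized_keys_file_my_user and authorize_own_key_my_user are hypothetical names.

```yaml
# Added example; assumes my_user, /home/my_user and the
# generate_ssh_key_my_user state shown in the answer.

# Make sure authorized_keys exists with permissions sshd accepts.
authorized_keys_file_my_user:
  file.managed:
    - name: /home/my_user/.ssh/authorized_keys
    - user: my_user
    - mode: '0600'
    # Create the file if it is missing, never overwrite existing entries
    - replace: False
    - require:
      - cmd: generate_ssh_key_my_user

# Append the minion-local public key; the key never appears in the SLS file.
authorize_own_key_my_user:
  cmd.run:
    - name: cat /home/my_user/.ssh/id_rsa.pub >> /home/my_user/.ssh/authorized_keys
    - runas: my_user
    # grep -x whole line, -F fixed string, -f patterns from the .pub file:
    # exit 0 (skip the append) when the exact key line is already present
    - unless: grep -qxFf /home/my_user/.ssh/id_rsa.pub /home/my_user/.ssh/authorized_keys
    - require:
      - file: authorized_keys_file_my_user
```

Because the key pair is generated without a passphrase, keep this pattern to throwaway test hosts where the account only needs to reach localhost.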