Issue #1581 has been updated by Justin Dow.
I agree that this should be tied to users. It makes sense to me that one should
manage an ssh key for a user only if also managing that user. Another
alternative would be to have to explicitly need a purge statement per user,
something like:
    resources {
        ssh_authorized_key:
            user => "root",
            purge => true
    }
I'm not familiar with the code, but I think having something like this would
solve all my problems. Since I purge unmanaged non-system users already and
have scripts to enumerate the non-system users that I need to keep, my scripts
could easily also populate a resources resource with the same list of users
that need their keys purged. I'm not sure how others are doing user management,
but having a per-user key purging setup would work for me and enable me to use
Puppet to keep my security requirements regarding key management.
----------------------------------------
Feature #1581: Ability to purge .ssh/authorized_keys
https://projects.puppetlabs.com/issues/1581#change-75172
Author: Lars Volker
Status: Accepted
Priority: Normal
Assignee: eric sorenson
Category: ssh
Target version:
Affected Puppet version: 0.24.4
Keywords:
Branch:
As I'm new to Puppet, I'll try to describe this as well as I can.
I wanted to use the ssh_authorized_key type to add keys to ssh. After a
discussion on IRC, it was suggested that I use virtual resources and realize
each key for each class needed. This worked well for me.
However, I am not able to purge all other keys from the authorized_keys file
without either specifying the comment or by copying an empty file there before
adding the keys, which causes the system to lock up until the update is done.
I tried using the resources{} type, but as ssh_authorized_key doesn't support
"self.instances" this was also of no success.
The feature I'd like to have is an implementation of "instances" so resources{}
works for authorized_keys.
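
Added example, not part of the original issue and not Puppet's own code: a stand-alone Ruby sketch of what enumerating authorized_keys entries involves and how a per-user purge list could be derived from them. The names `parse_line`, `parse_authorized_keys`, `purge_plan` and `SAMPLE` are hypothetical, and matching on the key blob rather than the comment is an assumption made here because the comment is free text.

```ruby
require 'set'

# Key type names accepted here (a subset of what OpenSSH supports).
KEY_TYPES = /\A(?:ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-nistp(?:256|384|521))\z/

Entry = Struct.new(:options, :type, :blob, :comment)

# Parse one line; returns nil for blanks, comments and unparseable lines.
def parse_line(line)
  line = line.strip
  return nil if line.empty? || line.start_with?('#')
  options = nil
  unless line.split(/\s+/, 2).first.match?(KEY_TYPES)
    # Leading options field: quoted values may contain spaces.
    m = line.match(/\A((?:[^\s"]|"(?:\\.|[^"\\])*")+)\s+(.*)\z/) or return nil
    options, line = m[1], m[2]
  end
  type, blob, comment = line.split(/\s+/, 3)
  return nil unless type&.match?(KEY_TYPES) && blob
  Entry.new(options, type, blob, comment.to_s)
end

def parse_authorized_keys(text)
  text.each_line.map { |l| parse_line(l) }.compact
end

# files: user => file text; managed: user => key blobs under management;
# purge_users: only these users have their unmanaged keys listed for removal.
def purge_plan(files, managed, purge_users)
  purge_users.each_with_object({}) do |user, plan|
    wanted = Set.new(managed.fetch(user, []))
    plan[user] = parse_authorized_keys(files.fetch(user, ''))
                 .reject { |e| wanted.include?(e.blob) }
  end
end

# Constructed sample input; the key blobs are placeholders, not real keys.
SAMPLE = {
  'root' => <<~KEYS,
    # constructed sample
    ssh-ed25519 AAAAC3PLACEHOLDERmanaged admin@bastion
    from="10.0.0.0/8",command="/usr/bin/backup run" ssh-rsa AAAAB3PLACEHOLDERbackup backup job
    ssh-rsa AAAAB3PLACEHOLDERstale
  KEYS
  'deploy' => "ssh-rsa AAAAB3PLACEHOLDERdeploy old laptop\n"
}.freeze

managed = { 'root' => %w[AAAAC3PLACEHOLDERmanaged AAAAB3PLACEHOLDERbackup] }
purge_plan(SAMPLE, managed, ['root']).each do |user, entries|
  entries.each { |e| puts "#{user}: purge #{e.type} #{e.blob}" }
end
```

Lines this sketch cannot parse are skipped, so they never appear in the purge list; a real cleanup would need to decide whether to drop or preserve them.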