On Mon, Nov 26, 2012 at 1:47 PM, Jakov Sosic <[email protected]> wrote:
> Hi.
>
> I'm wondering is there a way to manage ssh servers, in a way that every
> machine has its own key?

I've used the "private" file server mechanism to serve out node-sensitive files.
The following snippet shows this:

class ssh::config($sshd_config_source =
    "puppet:///modules/ssh/etc/ssh/sshd_config") {

  # Shared configuration, identical on every node, served from the module.
  file { "/etc/ssh/sshd_config":
    source  => $sshd_config_source,
    require => Class["ssh::install"],
    notify  => Service["ssh"],
  }

  file { "/etc/pam.d/sshd":
    source  => "puppet:///modules/ssh/etc/pam.d/sshd",
    require => [ Class["ssh::install"], Class["libpam_radius_auth"] ],
  }

  # Host keys are node-sensitive, so they come from the "private" mount
  # rather than from the module. Private keys are readable by owner only.
  file { "/etc/ssh/ssh_host_dsa_key":
    mode    => '0600',
    source  => "puppet:///private/etc/ssh/ssh_host_dsa_key",
    require => Class["ssh::install"],
    notify  => Service["ssh"],
  }

  file { "/etc/ssh/ssh_host_dsa_key.pub":
    source  => "puppet:///private/etc/ssh/ssh_host_dsa_key.pub",
    require => Class["ssh::install"],
    notify  => Service["ssh"],
  }

  file { "/etc/ssh/ssh_host_rsa_key":
    mode    => '0600',
    source  => "puppet:///private/etc/ssh/ssh_host_rsa_key",
    require => Class["ssh::install"],
    notify  => Service["ssh"],
  }

  file { "/etc/ssh/ssh_host_rsa_key.pub":
    source  => "puppet:///private/etc/ssh/ssh_host_rsa_key.pub",
    require => Class["ssh::install"],
    notify  => Service["ssh"],
  }
}

-mz
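
Added example, not part of the original message: a sketch of how the master-side tree behind puppet:///private/ could be populated with one host key per node. The fileserver.conf mount shown in the comment, the /etc/puppet/private root, the function names and the RSA-only choice (recent OpenSSH releases have dropped DSA) are all assumptions.

```sh
#!/bin/sh
# Added example: pre-generate a per-node SSH host key on the Puppet master,
# laid out for a fileserver.conf mount like this (assumed, not in the post):
#   [private]
#     path /etc/puppet/private/%H
#     allow *
# %H expands to the requesting node's FQDN, so a node can only fetch files
# from its own subdirectory. Run as the user the master runs as.

PRIVATE_ROOT="${PRIVATE_ROOT:-/etc/puppet/private}"   # assumed location

# Accept only plain DNS-style names so a node name can never escape
# PRIVATE_ROOT (no slashes, no "..", no leading dot or dash).
valid_node_name() {
    case "$1" in
        ''|.*|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the directory that puppet:///private/etc/ssh/ maps to for a node.
node_ssh_dir() {
    valid_node_name "$1" || return 1
    printf '%s/%s/etc/ssh\n' "$PRIVATE_ROOT" "$1"
}

# Create the node's RSA host key if it does not exist yet. Existing keys are
# left alone so clients do not see a changed host key after every run.
generate_host_key() {
    dir=$(node_ssh_dir "$1") || { echo "bad node name: $1" >&2; return 1; }
    key="$dir/ssh_host_rsa_key"
    ( umask 077 && mkdir -p "$dir" ) || return 1
    [ -f "$key" ] && return 0
    ( umask 077 && ssh-keygen -q -t rsa -b 3072 -N '' -C "root@$1" -f "$key" )
}

# Usage: ./gen-host-keys.sh node1.example.com node2.example.com
for node in "$@"; do
    generate_host_key "$node" || exit 1
done
```

The master then holds every node's private host key, so the private tree needs the same protection as the master's own CA key material.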