.\" Man page generated from reStructuredText.
.
.TH "CDIST-TYPE__SSH_AUTHORIZED_KEYS" "7" "Feb 16, 2019" "4.10.6" "cdist"
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH NAME
.sp
cdist\-type__ssh_authorized_keys \- Manage ssh authorized_keys files
.SH DESCRIPTION
.sp
Adds or removes ssh keys from an authorized_keys file.
.sp
This type uses the __ssh_dot_ssh type to manage the directory containing
the authorized_keys file. You can disable this feature with the \-\-noparent
boolean parameter.
.sp
The existence, ownership and permissions of the authorized_keys file itself are
also managed. This can be disabled with the \-\-nofile boolean parameter. It is
then left to the user to ensure that the file exists and that ownership and
permissions work with ssh.
.SH REQUIRED PARAMETERS
.INDENT 0.0
.TP
.B key
the ssh key which shall be added to this authorized_keys file.
Must be a string and can be specified multiple times.
.UNINDENT
.SH OPTIONAL PARAMETERS
.INDENT 0.0
.TP
.B comment
explicit comment instead of the one which may be trailing the given key
.TP
.B file
an alternative destination file, defaults to ~$owner/.ssh/authorized_keys
.TP
.B option
an option to set for all created authorized_key entries.
Can be specified multiple times.
See sshd(8) for available options.
.TP
.B owner
the user owning the authorized_keys file, defaults to object_id.
.TP
.B state
if the given keys should be \(aqpresent\(aq or \(aqabsent\(aq, defaults to \(aqpresent\(aq.
.UNINDENT
.SH BOOLEAN PARAMETERS
.INDENT 0.0
.TP
.B noparent
don\(aqt create or change ownership and permissions of the directory containing
the authorized_keys file
.TP
.B nofile
don\(aqt manage existence, ownership and permissions of the authorized_keys file
.UNINDENT
.SH EXAMPLES
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
# add your ssh key to remote root\(aqs authorized_keys file
__ssh_authorized_keys root \e
   \-\-key "$(cat ~/.ssh/id_rsa.pub)"

# allow key to login as user\-name
__ssh_authorized_keys user\-name \e
   \-\-key "ssh\-rsa AXYZAAB3NzaC1yc2..."

# allow key to login as user\-name with options and explicit comment
__ssh_authorized_keys user\-name \e
   \-\-key "ssh\-rsa AXYZAAB3NzaC1yc2..." \e
   \-\-option no\-agent\-forwarding \e
   \-\-option \(aqfrom="*.example.com"\(aq \e
   \-\-comment \(aqbackup server\(aq

# same as above, but with explicit owner and two keys
# note that the options are set for all given keys
__ssh_authorized_keys some\-fancy\-id \e
   \-\-owner user\-name \e
   \-\-key "ssh\-rsa AXYZAAB3NzaC1yc2..." \e
   \-\-key "ssh\-rsa AZXYAAB3NzaC1yc2..." \e
   \-\-option no\-agent\-forwarding \e
   \-\-option \(aqfrom="*.example.com"\(aq \e
   \-\-comment \(aqbackup server\(aq

# authorized_keys file in non standard location
__ssh_authorized_keys some\-fancy\-id \e
   \-\-file /etc/ssh/keys/user\-name/authorized_keys \e
   \-\-owner user\-name \e
   \-\-key "ssh\-rsa AXYZAAB3NzaC1yc2..."

# same as above, but directory and authorized_keys file are created elsewhere
__ssh_authorized_keys some\-fancy\-id \e
   \-\-file /etc/ssh/keys/user\-name/authorized_keys \e
   \-\-owner user\-name \e
   \-\-noparent \e
   \-\-nofile \e
   \-\-key "ssh\-rsa AXYZAAB3NzaC1yc2..."
.ft P
.fi
.UNINDENT
.UNINDENT
.SH SEE ALSO
.sp
\fBsshd\fP(8)
.SH AUTHORS
.sp
Steven Armstrong <\fI\%steven\-cdist\-\-@\-\-armstrong.cc\fP>
.SH COPYING
.sp
Copyright (C) 2012\-2014 Steven Armstrong.
You can redistribute it and/or modify it under the terms of the GNU General
Public License as published by the Free Software Foundation, either version 3
of the License, or (at your option) any later version.
.\" Generated by docutils manpage writer.
.
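.SH NOTES
.sp
With \-\-nofile (and \-\-noparent) the ownership and permissions of the file and its directory are left to you. The check below is an added example, not part of cdist: its function names are hypothetical, and it assumes sshd accepts the file only if the file and its directory are owned by the login user or root and are not writable by group or others (the default StrictModes behaviour).
.sp
.nf
```shell
# Added example, not cdist code: verify an authorized_keys file that
# __ssh_authorized_keys was told not to manage (--nofile / --noparent).
# Assumed policy: owner is the login user or root, no group/other write bit.

# Return 0 if PATH is owned by WANT_UID or root and is not group/other writable.
path_is_safe() {
    path=$1 want_uid=$2
    # ls -ldn prints: mode links uid gid ... ; numeric ids avoid name lookups
    info=$(ls -ldn "$path" 2>/dev/null) || { echo "missing: $path"; return 1; }
    set -- $info
    mode=$1 uid=$3
    if [ "$uid" != "$want_uid" ] && [ "$uid" != 0 ]; then
        echo "bad owner (uid $uid): $path"
        return 1
    fi
    # mode string is e.g. -rw-rw-r-- ; char 6 is group write, char 9 other write
    # (a symlink shows lrwxrwxrwx and is reported; pass the resolved path)
    case $mode in
        ?????w*|????????w*)
            echo "group/other writable ($mode): $path"
            return 1 ;;
    esac
    return 0
}

# Check the file and the directory containing it; report every problem found.
# usage: check_authorized_keys /etc/ssh/keys/user-name/authorized_keys "$(id -u user-name)"
check_authorized_keys() {
    file=$1 want=$2 rc=0
    path_is_safe "$(dirname "$file")" "$want" || rc=1
    path_is_safe "$file" "$want" || rc=1
    return $rc
}
```
.fi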