Closed montge closed 7 years ago
As things stand, you'll need to write a separate cookbook to manage authorized_keys elsewhere. This is actually desirable. The current structure of needing to embed 'ssh_keys' inside a data bag does not allow role or environment based management of the keys.
I see the use case, but I think this is outside the scope for the current setup of this cookbook. It's not that it wouldn't be desirable, but it would be a mess of code to mix the two use cases.
Cookbook version
master
Chef-client version
12.x.x
Platform Details
Redhat/CentOS 7.x (although should work in 5.x+)
Scenario:
Currently the cookbook users utilizes ~/.ssh/ to store ssh keys. In certain environments, there is a need to lock down so users cannot place their own ssh keys for remote access and rather require an authorized user to place it in a proper directory. Typically this is for security reasons.
One preferred location is AuthorizedKeysFile /etc/ssh/authorized_keys/%u, where %u is the userid and the file is set to 644 (and directory set to 755). Would like to have this added as an option for Linux hosts to the standard cookbook rather than a 'custom cookbook'.
Steps to Reproduce:
Follow steps for creating user with ssh keys
Expected Result:
Select an option in the databag called "authorized_key_method" set to "centralized" (or something similar) that causes the keys to be written to /etc/ssh/authorized_keys/%u
Actual Result:
File is written to ~/.ssh/authorized_keys
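
The centralized layout requested in this issue, as an added example in plain Ruby rather than Chef resources (it is not code from the issue or from the cookbook). `install_central_keys` and `audit_central_keys` are hypothetical helper names, and root ownership (uid 0) is an assumption, since the issue only states the 644/755 modes.

```ruby
require 'fileutils'

# Layout from the issue: <base>/<user>, directory 0755, key files 0644.
# On a real host base is /etc/ssh/authorized_keys and sshd_config carries:
#   AuthorizedKeysFile /etc/ssh/authorized_keys/%u
DIR_MODE  = 0o755
FILE_MODE = 0o644

# Hypothetical helper: write one user's keys into the central store.
def install_central_keys(base, user, keys)
  # Refuse names that could escape the store (path separators, "..").
  raise ArgumentError, "bad user name: #{user.inspect}" unless user.match?(/\A[a-z_][a-z0-9_-]*\z/)
  FileUtils.mkdir_p(base)
  File.chmod(DIR_MODE, base) # mkdir_p honours umask, so set the mode explicitly
  path = File.join(base, user)
  tmp = "#{path}.tmp.#{Process.pid}"
  File.open(tmp, File::WRONLY | File::CREAT | File::EXCL, FILE_MODE) do |f|
    keys.each { |k| f.puts(k.strip) }
  end
  File.chmod(FILE_MODE, tmp)
  File.rename(tmp, path) # atomic replace, sshd never sees a half-written file
  path
end

# Hypothetical audit: list entries that deviate from the layout.
# owner_uid is an assumption (root, uid 0); the issue only states the modes.
def audit_central_keys(base, owner_uid = 0)
  findings = []
  check = lambda do |label, st, want|
    mode = st.mode & 0o7777
    findings << "#{label}: mode #{format('%04o', mode)}" unless mode == want
    findings << "#{label}: owner uid #{st.uid}" unless st.uid == owner_uid
  end
  check.call(base, File.lstat(base), DIR_MODE)
  Dir.children(base).sort.each do |name|
    st = File.lstat(File.join(base, name))
    if st.file?
      check.call(name, st, FILE_MODE)
    else
      findings << "#{name}: not a regular file"
    end
  end
  findings
end
```

Run as root against /etc/ssh/authorized_keys, an empty result from `audit_central_keys` means no entry is writable by, or owned by, anyone other than root.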