sous-chefs / users

Development repository for the users cookbook
https://supermarket.chef.io/cookbooks/users
Apache License 2.0

Support for custom authorized keys file #408

Closed mateuszkwiatkowski closed 6 years ago

mateuszkwiatkowski commented 6 years ago

Cookbook version

5.1.0

Chef-client version

All

Platform Details

Linux and Unix platforms with OpenSSH.

Scenario:

Some cloud vendors manage SSH keys in virtual machines (e.g. Google Cloud) using the ~/.ssh/authorized_keys file. Running the users cookbook in these environments breaks that neat feature. A simple workaround is to manage the ~/.ssh/authorized_keys2 file with Chef and leave ~/.ssh/authorized_keys for the default vendors' orchestration. Also, it's possible to set a custom location for the authorized keys file. This feature is documented in SSHD(8):

AuthorizedKeysFile specifies the files containing public keys for public key authentication; if this option is not specified, the default is ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2.

Steps to Reproduce:

Launch virtual machine in Google Cloud and manage accounts with users cookbook.

Expected Result:

Users cookbook doesn't break authorized_keys managed by Google Cloud.

Actual Result:

Users cookbook overwrites keys written by Google Cloud.
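An added example, not part of the original issue and not code from the users cookbook: a Ruby sketch that resolves which key files sshd will honor for an account under the AuthorizedKeysFile rules quoted above, so every file that grants access can be audited when keys are split between Chef and a vendor agent. The sample configs, the account values and the function names are constructed for illustration, and Match blocks are assumed not to override the global setting.

```ruby
# Added example: list every file sshd consults for a user's public keys.
DEFAULT_FILES = %w[.ssh/authorized_keys .ssh/authorized_keys2].freeze

# Constructed sample configs (not taken from any real host).
SAMPLE_DEFAULT = "Port 22\nPasswordAuthentication no\n"
SAMPLE_CUSTOM = <<~CONF
  # keys also kept outside the home directory
  AuthorizedKeysFile .ssh/authorized_keys /etc/ssh/keys/%u/authorized_keys
  Match User deploy
    AuthorizedKeysFile none
CONF

# Global-scope AuthorizedKeysFile patterns. sshd keeps the first value it
# obtains for a keyword; parsing stops at the first Match block
# (simplification: per-Match overrides are not evaluated).
def authorized_keys_patterns(config_text)
  config_text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    break if line =~ /\Amatch\s/i
    m = line.match(/\Aauthorizedkeysfile[\s=]+(.+)\z/i)
    return m[1].split if m
  end
  DEFAULT_FILES.dup
end

# Expand %h, %u, %U and %%; a relative path is taken from the home directory.
def expand_pattern(pattern, user:, home:, uid:)
  tokens = { '%%' => '%', '%h' => home, '%u' => user, '%U' => uid.to_s }
  path = pattern.gsub(/%[%hUu]/, tokens)
  path.start_with?('/') ? path : File.join(home, path)
end

# Absolute paths of all key files sshd honors for this account.
def key_files_for(config_text, user:, home:, uid:)
  patterns = authorized_keys_patterns(config_text)
  return [] if patterns.map(&:downcase) == ['none']
  patterns.map { |p| expand_pattern(p, user: user, home: home, uid: uid) }
end

# Files that grant access but are not in the configuration-managed set.
def unmanaged_key_files(config_text, managed_paths, **account)
  key_files_for(config_text, **account) - managed_paths
end

alice = { user: 'alice', home: '/home/alice', uid: 1001 }
puts unmanaged_key_files(SAMPLE_DEFAULT, ['/home/alice/.ssh/authorized_keys2'], **alice)
```

Some shipped sshd_config files set AuthorizedKeysFile to .ssh/authorized_keys only, in which case keys written to authorized_keys2 are ignored; check the effective value before relying on the second file.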

tas50 commented 6 years ago

We can now specify this in the data bag for individual users in 5.4.0