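sshkey: system administrators frequently connect to remote servers over SSH. Creating a key pair spares you the pain of typing a password at every login. Disabling password authentication and authenticating with SSH keys instead also improves SSH security. The problem is: with N servers, how do you set up SSH key authentication in bulk? With a shell for loop? In fact, this can be left entirely to Puppet.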
Purpose:
Manages SSH host keys.
Syntax:
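
    ssh_authorized_key { "title":            # description, written at the end of the public key line; must be unique; if it already exists, nothing is applied again
        ensure => present|absent,
        type   => "ssh-dss|ssh-rsa",         # key type the key pair was generated with
        key    => 'public key',
        user   => 'user',                    # written automatically to the user's .ssh/authorized_keys
        target => 'path to the SSH public key file';   # same as user
    }
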
Example:

    # Generate a key pair
    [root@master manifests]# ssh-keygen -t dsa -C "test by sky"
    Generating public/private dsa key pair.
    Enter file in which to save the key (/root/.ssh/id_dsa):
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_dsa.
    Your public key has been saved in /root/.ssh/id_dsa.pub.
    The key fingerprint is:
    7a:63:d7:9c:11:eb:46:bb:ee:46:8e:29:b5:30:86:7a test by sky
    The key's randomart image is:
    +--[ DSA 1024]----+
    |                 |
    |                 |
    | .               |
    | o               |
    | .S +            |
    | ..+ .=.+        |
    | ...++.*B        |
    | . Eo.o+.o.      |
    | . . ++          |
    +-----------------+
    [root@master manifests]# ls
    1.pp  nodes.pp  site.pp
    [root@master manifests]# cat /root/.ssh/id_dsa
    id_dsa      id_dsa.pub
    [root@master manifests]# cat /root/.ssh/id_dsa.pub
    ssh-dss [key data omitted] test by sky

    # vi /etc/puppet/manifest/test.pp
    ssh_authorized_key { "perofu-PC":
        ensure => present,
        type   => "ssh-dss",
        # key is only the base64 body of id_dsa.pub: no type prefix, no comment, no whitespace
        key    => 'AAAAB3NzaC1kc3MAAACBAN6Ic2WnGn0oLq2GwR9r93/BZymAxapM0IvlLSlcGihrzHvGmYAPv782A/UuOfv5s5PlzfBykn6/31LRh/2uYWohzRaj6busHGvtJZyMe0rAHnX5zeok1auZrLdJeAuia4wXWM9LWQaiIn5nNdTxqedFxfqwPyeXaJsJbiHBkYQJAAAAFQD92IsVPE7HVGP37u+BmBaxUjq+qwAAAIEApxWF64ZxFqwyMpYk49cv5jrk2ovH0VkvFpjKTMFBGv1XcWqNv7FlPpYSmX55K7ugtSKXUyfs2JNgxQHJ/w0uiJXBH8nj6SYlmfjHsYX/jCDH3Ur1+vLzW2APYpEamqwJZYCgUPLySeAqSNurXdmwtxtJYJFbmhECvN0X/BPKpScAAACBAKnoy3DVgc90QLAUM1CTxdYO0LiYqLrm0m/cOqLG3G4Zrc9Bgt+CgONw7MEkn4GtZXevhO3476kehXY/UdqVRtZicA1QrXL8/ZkD7QvnECpORzKKsRPi23X+DZOmgO/L0aLzF2wUYALDAUn5L1BIicjirmQmiVfUOx15nd78T+Fb',
        user   => 'root';
    }

    [root@client ~]# rm -rf .ssh/authorized_keys
    [root@client ~]# puppet agent -vv --test --server master.perofu.com
    info: Caching catalog for client.perofu.com
    info: Applying configuration version '1395096132'
    notice: /Stage[main]//Ssh_authorized_key[perofu-PC]/ensure: created
    notice: Finished catalog run in 0.28 seconds
    [root@client ~]# cat .ssh/authorized_keys
    # HEADER: This file was autogenerated at Tue Mar 18 06:43:04 +0800 2014
    # HEADER: by puppet. While it can still be managed manually, it
    # HEADER: is definitely not recommended.
    ssh-dss [key data omitted] perofu-PC

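An added example (not from the original post) that extends the single resource above to several keys per host and purges any key Puppet does not manage. The class name, key titles and placeholder key bodies are hypothetical. It assumes Puppet 4 or later, and uses ssh-ed25519 and ssh-rsa keys because OpenSSH 7.0 and later disable ssh-dss keys by default.

```puppet
# Added example: class name, key titles and key bodies are hypothetical.
# Assumes Puppet 4+ (typed parameters, each()); purge_ssh_keys needs 3.6+.
class admin_ssh_keys (
  # resource title => { type, key }. 'key' is only the base64 body of the
  # .pub line, without the leading key type or the trailing comment.
  Hash[String, Hash] $keys = {
    'alice@ops' => {
      'type' => 'ssh-ed25519',
      'key'  => 'REPLACE_WITH_BASE64_BODY_OF_ALICE_PUB',
    },
    'bob@ops'   => {
      'type' => 'ssh-rsa',
      'key'  => 'REPLACE_WITH_BASE64_BODY_OF_BOB_PUB',
    },
  },
  String $login_user = 'root',
) {
  # Delete every entry in the user's authorized_keys that is not declared
  # as an ssh_authorized_key resource. Keys added by hand on a node, and
  # keys removed from $keys, disappear on the next agent run.
  user { $login_user:
    ensure         => present,
    purge_ssh_keys => true,
  }

  # One ssh_authorized_key resource per entry. The resource title becomes
  # the comment at the end of the authorized_keys line, so it must be unique.
  $keys.each |String $key_title, Hash $attrs| {
    ssh_authorized_key { $key_title:
      ensure => present,
      user   => $login_user,
      type   => $attrs['type'],
      key    => $attrs['key'],
    }
  }
}
```
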
That wraps up Puppet's sshkey resource. Next up is the mount resource; stay tuned for the next installment!