Comments (3)
I've just come across the same problem.
How should I define my pillar file to add more than one key for the same user?
I would suggest swapping "user" and "name". For example:
auth.sls
{%- for name,keys in auth.items() -%}
  {%- for key in keys -%}
    {% if 'present' in key and key['present'] %}
{{ name }}:
  ssh_auth.present:
    - user: {{ key['user'] }}
pillar.example
openssh:
  auth:
    JOE_VALID_SSH_PUBLIC_KEY:
      - name: joe
        present: True
        enc: ssh-rsa
        comment: main key
It seems a bad choice to use the user as "id" in the pillar file. Better would be to make the "name" the id, as it's the output in the auth.sls anyway!? Or am I wrong?
from openssh-formula.
Bogdnar, try changing the second "www-data" to "www-data2". You have 2 items in a list with the same name; this is most likely why you are getting the error.
Brot: In the pillar example there are 2 keys for one user "JOE_VALID_SSH_PUBLIC_KEY" and "JOE_NON_VALID_SSH_PUBLIC_KEY". If you want to add a second key for "joe" you would just add a second instance of "- name: ######" and set it to "present: true".
openssh:
  auth:
    joe:
      - name: JOE_VALID_SSH_PUBLIC_KEY
        present: True
        enc: ssh-rsa
        comment: main key
      - name: JOE_SECOND_VALID_SSH_PUBLIC_KEY
        present: True
        enc: ssh-rsa
        comment: obsolete key - removed
      - name: JOE_NON_VALID_SSH_PUBLIC_KEY
        present: False
        enc: ssh-rsa
        comment: obsolete key - removed
from openssh-formula.
@the-kid89: Have you ever tried what you just recommended?
Bogdnar could not change "www-data" to "www-data2" because this string is used for the user. And Bogdnar doesn't want the third key for "www-data2". He wants two keys for the user "www-data".
And that's the same reason why it's not possible to just add another entry with "present: True".
That's why I created a new branch on my fork of this repository https://github.com/brot/openssh-formula/commit/cc2b348dc3fdb7989cb7540800a70e897cfb006c (comments are welcome)
Now auth.sls is able to use the current format:
joe: # user
  - name: joe
    present: True
    source: salt://ssh_keys/joe.id_rsa.pub
or the new format, where it's now possible to swap the user and name entry in the pillar:
joe-desktop:
  - user: joe
    present: True
    source: salt://ssh_keys/joe.desktop.id_rsa.pub
joe-notebook:
  - user: joe
    present: True
    source: salt://ssh_keys/joe.notebook.id_rsa.pub
from openssh-formula.
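An added example, not part of the thread or of the formula's code: a Python check that flattens both pillar layouts shown in the last comment into one record per key, reports state IDs that occur more than once (the collision the second comment points to), and lists which keys end up authorized for each account. The resolution rule, the function names and the sample pillars are assumptions constructed for illustration.

```python
from collections import Counter


def resolve_auth(auth):
    """Flatten an openssh:auth pillar dict into one record per key.

    Assumed rule, modelled on the two layouts in the thread:
      entry has 'user' -> dict key is the state ID, entry['user'] the account
      otherwise        -> dict key is the account, entry['name'] the state ID
    """
    records = []
    for ident, entries in auth.items():
        for entry in entries:
            if "user" in entry:
                state_id, user = ident, entry["user"]
            else:
                state_id, user = entry["name"], ident
            # Same test as the template: 'present' in key and key['present']
            present = bool(entry.get("present", False))
            records.append({"id": state_id, "user": user, "present": present})
    return records


def duplicate_ids(records):
    """State IDs declared more than once; each ID may be declared only once."""
    counts = Counter(r["id"] for r in records)
    return sorted(i for i, n in counts.items() if n > 1)


def keys_per_user(records):
    """Account -> IDs of the keys that would be authorized (present: True)."""
    out = {}
    for r in records:
        if r["present"]:
            out.setdefault(r["user"], []).append(r["id"])
    return out


# Constructed sample pillars (contents of openssh:auth), not taken from the issue.
OLD_LAYOUT = {"www-data": [
    {"name": "www-data", "present": True},
    {"name": "www-data", "present": True},
]}
NEW_LAYOUT = {
    "joe-desktop": [{"user": "joe", "present": True}],
    "joe-notebook": [{"user": "joe", "present": True}],
    "joe-retired": [{"user": "joe", "present": False}],
}
```

Running `duplicate_ids(resolve_auth(...))` over a pillar before it is applied shows whether a user's second key would collide with the first, and `keys_per_user` gives a reviewable list of which keys grant access to which account.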