You want to disable password based access to servers so you need a painless way to manage users ssh pubkeys. These recipes help you do both.
Setup a user’s SSH public keys
If you’re setting up keys for yourself you can just hit enter. deprec looks in your homedir for your public key.
If you’re pushing out keys for another user, deprec looks for their key and alerts you if it can’t be found.
$ cap deprec:ssh:setup_keys HOSTS=lucid triggering load callbacks * executing `deprec:connect_canonical_tasks' * executing `deprec:ssh:setup_keys' Setup keys for which user? |mbailey| fred Could not find ssh public key(s) for user fred Please create file containing ssh public keys in: config/ssh/authorized_keys/fred
Push out some smarter SSH configs
While you *could* just push out my version of sshd_config without reading through it that would be placing blind faith in me and rubygems.org. We’re going to generate the configs locally and then push them out instead
Generate a copy of SSH configs to keep under source control
$ cap deprec:ssh:config_gen triggering load callbacks * executing `deprec:connect_canonical_tasks' * executing `deprec:ssh:config_gen' File exists (config/ssh/etc/ssh/sshd_config). Overwrite? ([y]es, [n]o, [d]iff) |n| y [done] config/ssh/etc/ssh/sshd_config written [skip] Identical file exists (config/ssh/etc/ssh/ssh_config).
Finally push out some smarter SSH configs
deprec’s :config tasks always push out local copies of config files in preference to generating them.
cap deprec:ssh:config HOSTS=lucid