On May 25, 2011, in sysadmin, by Mike Bailey

You want to disable password based access to servers so you need a painless way to manage users ssh pubkeys. These recipes help you do both.

Setup a user’s SSH public keys

If you’re setting up keys for yourself  you can just hit enter. deprec looks in your homedir for your public key.

If you’re pushing out keys for another user, deprec looks for their key and alerts you if it can’t be found.

$ cap deprec:ssh:setup_keys HOSTS=lucid
    triggering load callbacks
  * executing `deprec:connect_canonical_tasks'
  * executing `deprec:ssh:setup_keys'
Setup keys for which user?  |mbailey|

          Could not find ssh public key(s) for user fred

          Please create file containing ssh public keys in:


Push out some smarter SSH configs

While you *could* just push out my version of sshd_config without reading through it that would be placing blind faith in me and We’re going to generate the configs locally and then push them out instead

Generate a copy of SSH configs to keep under source control

$ cap deprec:ssh:config_gen
    triggering load callbacks
  * executing `deprec:connect_canonical_tasks'
  * executing `deprec:ssh:config_gen'

File exists (config/ssh/etc/ssh/sshd_config).
    Overwrite? ([y]es, [n]o, [d]iff)  |n|
[done] config/ssh/etc/ssh/sshd_config written
[skip] Identical file exists (config/ssh/etc/ssh/ssh_config).

Finally push out some smarter SSH configs

deprec’s :config tasks always push out local copies of config files in preference to generating them.

cap deprec:ssh:config HOSTS=lucid

Comments are closed.