SSH – Using Puppet to remove SSH keys not explicitly allowed


I'm using puppet to distribute SSH keys, like so:

ssh_authorized_key { "alice@foo.com":
  ensure => present,
  key    => 'xxxx',
  type   => 'ssh-rsa',
  user   => 'deploy',
}

The ~/.ssh/authorized_keys file ends up containing a mix of keys from multiple classes, which is the desired result. However, if a key is manually added to $HOME/.ssh/authorized_keys, Puppet will leave it in place. Is there a way to always remove any key that has not been explicitly defined in a manifest?

I have puppet version 2.7.1.

Best Answer

Starting with Puppet 3.6 it is now possible to purge unmanaged SSH authorized keys via the user type. For example,

user { 'nick':
  ensure         => present,
  purge_ssh_keys => true,
}
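For a host that cannot yet use `purge_ssh_keys` (the asker is on 2.7.1), an audit that lists entries Puppet does not manage is the practical stop-gap. The script below is an added example, not code from the question or answer; the managed key set and the authorized_keys content are constructed, and a real deployment would read the file and derive the managed set from the manifests.

```python
"""Audit an authorized_keys file against the set of keys Puppet manages.

Added example (not from the original post): reports every entry whose key
material is not in the managed set, i.e. a key that was added by hand and
that Puppet 2.7 will leave in place.  File content and managed set below
are constructed for illustration.
"""
import shlex

# Key types that may start an authorized_keys entry (after optional options).
KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")


def parse_authorized_keys(text):
    """Yield (type, key, comment) for each key line; blank/comment lines skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fields = shlex.split(line, posix=True)   # honours quoted options
        except ValueError:                           # unbalanced quote in a comment
            fields = line.split()
        # An entry may begin with an options field such as from="...",no-pty,
        # so skip fields until the key type is found.
        for i, field in enumerate(fields):
            if field in KEY_TYPES and i + 1 < len(fields):
                yield field, fields[i + 1], " ".join(fields[i + 2:])
                break


def unmanaged_keys(text, managed):
    """Return entries whose (type, key) pair is not in the managed set."""
    return [entry for entry in parse_authorized_keys(text)
            if (entry[0], entry[1]) not in managed]


# Constructed sample: one Puppet-managed key, one key added by hand.
MANAGED = {("ssh-rsa", "AAAAB3managedkey")}
SAMPLE = """# managed by puppet
ssh-rsa AAAAB3managedkey alice@foo.com
from="10.0.0.0/8",no-pty ssh-ed25519 AAAAC3handaddedkey bob@laptop
"""

if __name__ == "__main__":
    for ktype, key, comment in unmanaged_keys(SAMPLE, MANAGED):
        print("unmanaged key: %s %s... %s" % (ktype, key[:12], comment))
```

Comparing on the key blob rather than the comment matters because a comment is free text and is the part most likely to be edited by hand.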