salt.modules.ssh

Manage client ssh components

Members

auth_keys

salt.modules.ssh.auth_keys(user, config='.ssh/authorized_keys')

Return the authorized keys for the specified user

CLI Example:

salt '*' ssh.auth_keys root

check_key

salt.modules.ssh.check_key(user, key, enc, comment, options, config='.ssh/authorized_keys')

Check to see if a key needs updating, returns "update", "add" or "exists"

CLI Example:

salt '*' ssh.check_key <user> <key>

check_key_file

salt.modules.ssh.check_key_file(user, keysource, config='.ssh/authorized_keys', env='base')

Check a keyfile from a source destination against the local keys and return the keys to change

check_known_host

salt.modules.ssh.check_known_host(user, hostname, key=None, fingerprint=None, config='.ssh/known_hosts')

Check the record in known_hosts file, either by its value or by fingerprint (it's enough to set up either key or fingerprint, you don't need to set up both).

If provided key or fingerprint doesn't match with stored value, return "update", if no value is found for a given host, return "add", otherwise return "exists".

If neither key, nor fingerprint is defined, then additional validation is not performed.

CLI Example:

salt '*' ssh.check_known_host <user> <hostname> key='AAAA...FAaQ=='

get_known_host

salt.modules.ssh.get_known_host(user, hostname, config='.ssh/known_hosts')

Return information about known host from the configfile, if any. If there is no such key, return None.

CLI Example:

salt '*' ssh.get_known_host <user> <hostname>

host_keys

salt.modules.ssh.host_keys(keydir=None)

Return the minion's host keys

CLI Example:

salt '*' ssh.host_keys

recv_known_host

salt.modules.ssh.recv_known_host(user, hostname, enc=None, port=None, hash_hostname=False)

Retreive information about host public key from remote server

CLI Example:

salt '*' ssh.recv_known_host <user> <hostname> enc=<enc> port=<port>

rm_auth_key

salt.modules.ssh.rm_auth_key(user, key, config='.ssh/authorized_keys')

Remove an authorized key from the specified user's authorized key file

CLI Example:

salt '*' ssh.rm_auth_key <user> <key>

rm_known_host

salt.modules.ssh.rm_known_host(user, hostname, config='.ssh/known_hosts')

Remove all keys belonging to hostname from a known_hosts file.

CLI Example:

salt '*' ssh.rm_known_host <user> <hostname>

set_auth_key

salt.modules.ssh.set_auth_key(user, key, enc='ssh-rsa', comment='', options=[], config='.ssh/authorized_keys')

Add a key to the authorized_keys file

CLI Example:

salt '*' ssh.set_auth_key <user> key='<key>' enc='dsa'                comment='my key' options='[]' config='.ssh/authorized_keys'

set_auth_key_from_file

salt.modules.ssh.set_auth_key_from_file(user, source, config='.ssh/authorized_keys', env='base')

Add a key to the authorized_keys file, using a file as the source.

CLI Example:

salt '*' ssh.set_auth_key_from_file <user>                salt://ssh_keys/<user>.id_rsa.pub

set_known_host

salt.modules.ssh.set_known_host(user, hostname, fingerprint=None, port=None, enc=None, hash_hostname=True, config='.ssh/known_hosts')

Download SSH public key from remote host "hostname", optionally validate its fingerprint against "fingerprint" variable and save the record in the known_hosts file.

If such a record does already exists in there, do nothing.

CLI Example:

salt '*' ssh.set_known_host <user> fingerprint='xx:xx:..:xx' enc='ssh-rsa'                 config='.ssh/known_hosts'