Mike's Musings
on
puppet,
linode,
continuous
delivery,
infrastructure
as
code
Puppet: Set the User's SSH Key
This is the third in a series of posts I'm making detailing my setting up a Puppet master/slave pair of
servers on Linode. If you haven't seen them yet, go check out my first and second posts about
my Puppet servers.
Where I Left Off
At the end of the second post in the series, I had a Linode running Puppet, had Ubuntu Linux installed
on it, and had created a User named mike. I had also set mike's password so that I could login as mike
on the slave node.
Here's how the mike user was configured at the end of the last post:
SSH Keys
SSH Keys are a more secure way to login to your servers, and it also doesn't require you to either remember or
type your password every single time.
Creating a Key Pair
Following the article, on my Mac laptop, I created an SSH key for use in this blog post:
Note that if you don't currently have an SSH key, you can leave off the -f mike-blog part. That just
sets the filename that will be used by the SSH key that it generates. Since I already had a key pair and
I didn't want to use it for this post, I created another one with a distinct name.
Now, looking at my ~/.ssh directory on my laptop:
Notice that two files were created: mike-blog and mike-blog.pub. The first is the Private Key, and the
second is the Public Key. (If you need a refresher on what that means, check out the Wikipedia page on
Public-Key Cryptography.) I'm now ready to move on to configuring this inside Puppet.
Enter Puppet
If I were to login to my user on my puppetslave node and check my home directory, I'd find it pretty bare:
SSH Keys need to be stored in the ~/.ssh/authorized_keys2 file. That file needs to have 600permissions,
and the ~/.ssh directory must have 700 permissions. Anything else, and your SSH Keys won't work.
In order to accomplish this, I added the following to my /etc/manifest/site.pp file on my Puppet master node:
Then, as last time, I ran Puppet manually on the slave node so that the configuration I just set in site.pp
would be applied:
No Password Required
After that, it was simply a matter of issuing an ssh command from my Mac laptop (and making sure to point
it to use the correct SSH key on the laptop) and I was able to login, no password required.
Conclusion
This is about what I wanted to accomplish with my user on my Puppet slave node. There's still much to explore.
I'm not sure where I'm going next with this, as I have much to learn and many different directions I could
head in. Watch this space, and please leave comments below!