Manage client ssh components
Return the authorized keys for the specified user
CLI Example:
salt '*' ssh.auth_keys root
Check to see if a key needs updating; returns "update", "add" or "exists"
CLI Example:
salt '*' ssh.check_key <user> <key> <enc> <comment> <options>
Check a keyfile from a source destination against the local keys and return the keys to change
CLI Example:
salt '*' ssh.check_key_file root salt://ssh/keyfile
Check the record in the known_hosts file, either by its value or by fingerprint (setting either key or fingerprint is enough; you don't need to set both).
If the provided key or fingerprint doesn't match the stored value, return "update"; if no value is found for the given host, return "add"; otherwise return "exists".
If neither key nor fingerprint is defined, no additional validation is performed.
CLI Example:
salt '*' ssh.check_known_host <user> <hostname> key='AAAA...FAaQ=='
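The decision described for ssh.check_known_host above, written out as an added Python example (not Salt's own code). The function names, the sample known_hosts content and the colon-separated MD5 fingerprint format are assumptions made for illustration; only plain, unhashed host entries are handled.

```python
import base64
import hashlib


def fingerprint(key_b64):
    """Colon-separated MD5 hex of the decoded key blob (assumed format)."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def lookup(known_hosts_text, hostname):
    """Return the stored base64 key for hostname, or None if absent."""
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed entry, ignore
        hosts, key = fields[0], fields[2]
        if hostname in hosts.split(","):
            return key
    return None


def check_record(known_hosts_text, hostname, key=None, fp=None):
    """Return "add", "update" or "exists" as the text above describes."""
    stored = lookup(known_hosts_text, hostname)
    if stored is None:
        return "add"
    if key is not None and key != stored:
        return "update"
    if fp is not None and fp.lower() != fingerprint(stored):
        return "update"
    # With neither key nor fp given, presence alone yields "exists":
    # the stored key has NOT been validated against anything.
    return "exists"


# Constructed sample data, not real host keys.
GOOD_KEY = base64.b64encode(b"constructed host key blob A").decode()
OTHER_KEY = base64.b64encode(b"constructed host key blob B").decode()
SAMPLE = ("# constructed known_hosts content\n"
          "web01.example.com,192.0.2.10 ssh-rsa " + GOOD_KEY + "\n")

if __name__ == "__main__":
    print(check_record(SAMPLE, "web01.example.com", key=OTHER_KEY))
    print(check_record(SAMPLE, "db01.example.com", fp=fingerprint(GOOD_KEY)))
    print(check_record(SAMPLE, "web01.example.com"))
```

An "exists" result obtained without a key or fingerprint only says that some record is stored for the host, so pass one of the two when the check is meant to detect a changed host key.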
Return information about a known host from the config file, if any. If there is no such key, return None.
CLI Example:
salt '*' ssh.get_known_host <user> <hostname>
Return the minion's host keys
CLI Example:
salt '*' ssh.host_keys
Retrieve information about the host public key from a remote server
CLI Example:
salt '*' ssh.recv_known_host <hostname> enc=<enc> port=<port>
Remove an authorized key from the specified user's authorized key file
CLI Example:
salt '*' ssh.rm_auth_key <user> <key>
Remove all keys belonging to hostname from a known_hosts file.
CLI Example:
salt '*' ssh.rm_known_host <user> <hostname>
Add a key to the authorized_keys file. The "key" parameter must only be the string of text that is the encoded key. If the key begins with "ssh-rsa" or ends with user@host, remove those from the key before passing it to this function.
CLI Example:
salt '*' ssh.set_auth_key <user> '<key>' enc='dsa'
Add a key to the authorized_keys file, using a file as the source.
CLI Example:
salt '*' ssh.set_auth_key_from_file <user> salt://ssh_keys/<user>.id_rsa.pub
Download the SSH public key from the remote host "hostname", optionally validate its fingerprint against the "fingerprint" variable, and save the record in the known_hosts file.
If such a record already exists there, do nothing.
CLI Example:
salt '*' ssh.set_known_host <user> fingerprint='xx:xx:..:xx' enc='ssh-rsa' config='.ssh/known_hosts'