Take a look at https://github.com/gtcoc/sshkeys for an idea. It isn't documented well (yet), so here are some rough notes:
* the module assumes you are using hiera to supply default arguments. You can see the default values in the hieradata directory
* the sshkeys::hostkeys class best shows how it works:
  + the master makes a call (via generate) to a perl script (sshkeys.pl)
  + the perl script either retrieves or generates a new key for the host
* assuming you set up hiera properly (or otherwise specify default parameter values), I think all you should need to use this is:

  on the puppet master:

      include sshkeys::install

  and on the nodes:

      include sshkeys::hostkeys

* if you want to distribute the keys into a known_hosts file, then you have to set up a file serving location for the file and pull it down. I created a module that I use for serving various files in our environment, and I set the parameter 'sshkeys::install::knownhosts_servedir' to put the file in the proper place. Then on all of my hosts I add a file resource:

      file { '/etc/ssh/ssh_known_hosts':
        source => 'puppet:///modules/ccfiles/ssh_known_hosts',
        mode   => '0444',
        owner  => 'root',
        group  => 'root',
      }

Hope that helps,
Chad

On Mon, Nov 26, 2012 at 2:47 PM, Jakov Sosic <jso...@srce.hr> wrote:
> Hi.
>
> I'm wondering is there a way to manage ssh servers, in a way that every
> machine has its own key?
>
> I'm talking about these files:
>
> /etc/ssh/ssh_host_dsa_key
> /etc/ssh/ssh_host_dsa_key.pub
> /etc/ssh/ssh_host_rsa_key
> /etc/ssh/ssh_host_rsa_key.pub
> /etc/ssh/ssh_host_key
> /etc/ssh/ssh_host_key.pub
>
>
> Ideally I would like to have a module that replaces those files with
> files from puppet server, for specific host, if they are available, and
> if not, then to gather them from the client.
>
> I think this is not possible, so is there some sensible way to manage
> those files in a different fashion? Holding every file under:
>
> /etc/puppet/files/ssh/<%= hostname =>
>
> is a possibility, but if someone has done this already I would appreciate
> some hints.
>
>
> I'm trying to set up persistent ssh server keys across reinstallations
> of hosts...
>
>
> --
> Jakov Sosic
> www.srce.unizg.hr
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

--
Chad M. Huneycutt
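An added example, not part of the thread or of the sshkeys module: a check to run on the master before serving a world-readable (0444) ssh_known_hosts built from stored host keys. It accepts only public key lines whose declared type matches the type encoded in the key blob, so private key material or a corrupted file in the store is rejected instead of published. The function names, host names and sample keys are constructed for illustration.

```python
import base64
import struct


def blob_key_type(b64):
    """Return the algorithm name held in the first field of an SSH public key blob."""
    raw = base64.b64decode(b64, validate=True)
    if len(raw) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", raw[:4])
    if n == 0 or 4 + n > len(raw):
        raise ValueError("bad length field in blob")
    return raw[4:4 + n].decode("ascii")


def known_hosts_line(names, pubkey_text):
    """Convert the contents of one ssh_host_*_key.pub file to a known_hosts line."""
    fields = pubkey_text.split()
    if len(fields) < 2:
        raise ValueError("not a public key line")
    key_type, b64 = fields[0], fields[1]
    if blob_key_type(b64) != key_type:
        raise ValueError("declared type does not match blob")
    # The trailing comment (e.g. root@host) is dropped on purpose.
    return "%s %s %s" % (",".join(names), key_type, b64)


def build_known_hosts(store):
    """store maps hostname -> list of .pub contents. Returns (file text, rejected)."""
    lines, rejected = [], []
    for host in sorted(store):
        for text in store[host]:
            try:
                lines.append(known_hosts_line([host], text))
            except ValueError as exc:  # also covers base64 and ASCII decode errors
                rejected.append((host, str(exc)))
    return "".join(line + "\n" for line in lines), rejected


def constructed_pub(key_type, comment):
    """Constructed sample: correct blob framing with dummy key bytes, not a real key."""
    name = key_type.encode("ascii")
    body = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return "%s %s %s" % (key_type, base64.b64encode(body).decode("ascii"), comment)
```

Anything returned in the rejected list should stop the file from being published until the stored key for that host has been inspected.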