Re: [Puppet Users] Restricting ssh keys?

2016-07-08 Thread dkoleary
Hey, thanks for the response. Moving where sshd looks for authorized_keys is one of the recommendations I make in a white paper I wrote a while back discussing the benefits of 2FA to privileged accounts. http://www.olearycomputers.com/ll/security/ssh/sudo_v_ssh-pka.html I'll take a look at you

Re: [Puppet Users] Restricting ssh keys?

2016-07-08 Thread Thomas Bendler
I've solved this by moving ssh keys to a different location outside /home/user/.ssh to /etc/ssh.d/user. This gives you full control over the ssh-keys without the possibility that a user more or less accidentally changes it to something not compliant. You can take a look at my ssh module ( https://fo

Re: [Puppet Users] Restricting ssh keys?

2016-07-05 Thread dkoleary
Excellent! Thank you very much; that will cut a huge amount of time off my research. Thanks again. Doug

On Tuesday, July 5, 2016 at 9:42:24 AM UTC-5, Peter Kristolaitis wrote:
> There is an attribute on the 'user' type called 'purge_ssh_keys'. If you set it to 'true', Puppet will remove

Re: [Puppet Users] Restricting ssh keys?

2016-07-05 Thread Peter Kristolaitis
There is an attribute on the 'user' type called 'purge_ssh_keys'. If you set it to 'true', Puppet will remove all SSH keys from ~/.ssh/authorized_keys if they are not explicitly managed by Puppet. So if you have something like: user { 'appadmin': purge_ssh_keys => true, } ssh

[Puppet Users] Restricting ssh keys?

2016-07-05 Thread dkoleary
Hey, all; I have a number of application administration accounts which can be accessed via a select set of ssh keys. I've seen several pages/recipes for using virtual users and the ssh_authorized_key resource which look like they work well for adding and deleting keys; but, not necessarily for