How can I create ssh private and public keys for user per server during installation, and then add new created public keys for different users on different servers?
For example:
server 1
server 2
I know how to create the keys( public, private), but how can I exchange these keys between servers, two or more?
答案 0 :(得分:1)
如果查看文档,您将找到ssh_auth.present州。 https://docs.saltstack.com/en/latest/ref/states/all/salt.states.ssh_auth.html#salt.states.ssh_auth.present
为了动态填充授权密钥,我使用支柱数据作为事实的来源。为确保用户及其公钥在适当的服务器上,我将使用盐状态,例如:
cat /srv/salt/server_users.sls
{% set users = pillar.get('server_users') %}
{% for user in users %}
{{ user }}_setup:
user.present
{{ user }}_sshkey:
ssh_auth.present:
- source: salt://pubkeys/{{ user }}.pub
- user: {{ user }}
{% endfor }}
然后我放弃了所有用户'公钥到/srv/salt/pubkeys/目录。
此时我设置了平面文件支柱或外部支柱,它将为每个服务器提供server_users的支柱密钥,其值是我希望在该特定服务器上存在的用户列表部署了ssh密钥。
平面文件支柱的示例看起来像这样。
cat /srv/pillar/top.sls
base:
'server01':
- users.server01
'server02':
- users.server02
cat /srv/pillar/users/server01.sls
server_users:
- sarah
- joe
- kari
- kanchan
cat /srv/pillar/users/server02.sls
server_users:
- kanchan
- john
- sumit
因此,在此示例中,kanchan可以访问两个服务器,而其他用户只能访问其中一个服务器。