{"id":17717279,"url":"https://github.com/bwesterb/claviger","last_synced_at":"2025-07-16T05:06:25.641Z","repository":{"id":57417241,"uuid":"47613349","full_name":"bwesterb/claviger","owner":"bwesterb","description":"Synchronise remote SSH authorised_keys","archived":false,"fork":false,"pushed_at":"2019-01-24T18:38:36.000Z","size":50,"stargazers_count":23,"open_issues_count":0,"forks_count":4,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-06-13T02:46:06.872Z","etag":null,"topics":["admin","authorized-keys","cli","python","ssh"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bwesterb.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGES.rst","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-12-08T09:50:36.000Z","updated_at":"2025-02-27T07:38:17.000Z","dependencies_parsed_at":"2022-08-30T00:51:41.685Z","dependency_job_id":null,"html_url":"https://github.com/bwesterb/claviger","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/bwesterb/claviger","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bwesterb%2Fclaviger","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bwesterb%2Fclaviger/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bwesterb%2Fclaviger/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bwesterb%2Fclaviger/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bwesterb","download_url":"https://codeload.github.com/bwesterb/claviger/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bwesterb%2Fclaviger/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265158977,"owners_count":23720225,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["admin","authorized-keys","cli","python","ssh"],"created_at":"2024-10-25T14:19:39.735Z","updated_at":"2025-07-16T05:06:25.614Z","avatar_url":"https://github.com/bwesterb.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"claviger\n********\n\n``claviger`` manages the SSH ``authorized_keys`` files for you.\n\nQuick introduction\n==================\n\nTell ``claviger`` which keys you want to put on which server\nby creating a ``~/.claviger``-file. An example\n\n.. code:: yaml\n\n keys:\n laptop: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINYZEwjtu8w9Hsvx85TlYE95MLV9Whc3N1ajrH7+gu7A\n desktop: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICUef9frJIX7tjvZkYYMtr4IdD/GcKz6/X5qvLxM1Z8O desktop\n work: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrycv44eyFwWJ7QQsGOnjEiAsFSdxIoAEzBPSO/AQB5 work\n servers:\n myprivateserver.com:\n user: myusername\n present:\n - laptop\n - desktop\n root@myotherserver.com:\n like: myprivateserver.com\n present:\n - work\n keepOtherKeys: false\n workuser@workserver.com:\n present:\n - work\n - desktop\n absent:\n - laptop\n\nThen run ``claviger``. By default ``claviger`` only tells which changes\nit wants to make, but does not make them. If the changes seem fine,\nrun ``claviger -f``, which allows ``claviger`` to make changes.\n\nInstallation\n============\n\nTo install ``claviger``, simply run::\n\n pip install claviger\n\n\nClaviger config file\n====================\n\nA ``.claviger`` is written in YAML_. It consists of two maps: the ``keys``\nmap and the ``servers`` map.\n\n.. code:: yaml\n\n servers:\n server_key:\n # ... (server stanza)\n server_key2:\n # ... (server stanza)\n keys:\n key_name: # ... (ssh public key)\n key_name2: # ... (ssh public key)\n\nAs seen in the example at the top, the ``keys`` map has as values SSH\npublic keys as they would appear in an ``authorized_keys`` file.\n\nThe ``servers`` map consists of key-stanza pairs. Each stanza is a map\nof option name/value pairs, like:\n\n.. code:: yaml\n\n server_key:\n option_name: option_value\n option_name2: option_value\n # ...\n\nSee below for the available options in the server-stanza's.\n\nServer key\n----------\n\nThe key of a server stanza is of the following form::\n\n [user@]hostname[:port]\n\nExamples of keys are\n\n- ``just-a-hostname.nl``\n- ``user@some-server.com``\n- ``some-server.nl:1234``\n- ``user@and-port.com:22022``\n\nYou can also specify ``user``, ``hostname`` and ``port`` explicitly.\nSee below.\n\nIf a server key starts with a dollar sign (for instance ``$work``),\nthen it is considered ``abstract`` --- see below.\n\nServer stanzas\n--------------\n\nA server stanza is a map which may have the following entries.\n\n================== =============================================================\n``name`` | The name of the server.\n | *Default*: stanza key.\n``hostname`` | The hostname of the server.\n | *Default*: derived from stanza key.\n``user`` | The user for which to manage the ``authorized_keys`` file\n | *Default*: ``root`` if not derived from stanza key.\n``present`` | A list of key names that must be in the\n ``authorized_keys`` file.\n | *Default*: the empty list ``[]``\n``absent`` | A list of SSH-keys that should be removed from the\n ``authorized_keys`` file.\n | *Default*: the empty list ``[]``\n``keepOtherKeys`` | ``true`` or ``false``. If set to ``false``, ``claviger``\n will remove all keys not explicitly allowed form the\n ``authorized_keys`` file.\n | *Default*: ``true``.\n``allow`` | A list of SSH-keys that are also allowed to be in the\n ``authorized_keys`` file if ``keepOtherKeys`` is set\n to ``false``. These keys will not be added, if\n not present already.\n | *Default*: the empty list ``[]``\n``like`` | Name of another server stanza. If set, the entries of\n the other server stanza will be used as default values\n for this server stanza.\n | *Default*: ``$default``\n``ssh_user`` | The user to use to get and put the\n ``authorized_keys`` file.\n | *Default*: the same as ``user``\n``port`` | The port to use to connect to the server.\n | *Default*: 22.\n``abstract`` | ``true`` or ``false``. If set to ``true``, ``claviger``\n will not check this server. See below.\n | *Default*: ``false``\n================== =============================================================\n\n\nAbstract servers and ``$default``\n---------------------------------\n\n``claviger`` will not check an *abstract* server. This is useful to cleanly\nconfigure multiple server.\n\n.. code:: yaml\n\n servers:\n $mine:\n keepOthers: false\n present:\n - my_first_key\n - my_second_key\n $work:\n present:\n - my_work_key\n absent:\n - my_first_key\n\n my-first-server.tld:\n like: $mine\n my-second-server.tld:\n like: $mine\n alpha.at-work.tld:\n like: $work\n beta.at_work.tld:\n like: $work\n\nBy default, server inherits from the hidden ``$default`` abstract server.\n\n.. code:: yaml\n\n servers:\n $default:\n user: myname\n present:\n - this_key_is_put_everywhere\n host1.tld: # will use myname as user\n host2.tld: # \"\n root@host3.tld # will use root as user\n host4.tld:\n absent:\n - this_key_is_put_everywhere # except here\n\n\n.. _YAML: http://yaml.org\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbwesterb%2Fclaviger","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbwesterb%2Fclaviger","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbwesterb%2Fclaviger/lists"}