{"id":20072374,"url":"https://github.com/markolson/chef-ssh","last_synced_at":"2025-05-05T20:33:14.195Z","repository":{"id":6171327,"uuid":"7401177","full_name":"markolson/chef-ssh","owner":"markolson","description":"Chef cookbook for managing some mildly-difficult-to-automate SSH configuration","archived":false,"fork":false,"pushed_at":"2021-11-29T16:43:22.000Z","size":105,"stargazers_count":39,"open_issues_count":6,"forks_count":54,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-04-09T04:03:33.654Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/markolson.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-01-02T01:55:17.000Z","updated_at":"2023-04-08T17:57:53.000Z","dependencies_parsed_at":"2022-07-10T23:16:26.076Z","dependency_job_id":null,"html_url":"https://github.com/markolson/chef-ssh","commit_stats":null,"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/markolson%2Fchef-ssh","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/markolson%2Fchef-ssh/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/markolson%2Fchef-ssh/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/markolson%2Fchef-ssh/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/markolson","download_url":"https://codeload.github.com/markolson/chef-ssh/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"
github","repositories_count":252571403,"owners_count":21769828,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T14:39:45.638Z","updated_at":"2025-05-05T20:33:13.790Z","avatar_url":"https://github.com/markolson.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Chef SSH\n\n## Description\n\nProvides 3 LWRPs to manage system-wide and per-user `ssh_config` and `known_host` files.\n\n## Setup\n\nInclude the `ssh` cookbook via Berkshelf or Librarian.\n\n    cookbook \"ssh\"\n\nOr add the following line to your cookbook's `metadata.rb`.\n\n    depends \"ssh\"\n\n## Usage\n\nWhen using SSH with Chef deployments, it's crucial to not get any prompts for input. Adding entries to `known_hosts` files and better managing your per-connection configuration can help with this.\n\nAn important thing to note is that if you create a user during a chef run, be sure to reload OHAI data so that the new user will be in the node data. For instance:\n\n    ohai \"reload_passwd\" do\n        plugin \"passwd\"\n    end\n\nThe ssh cookbook bypasses this need somewhat by using ohai classes directly to discover your users' ssh paths.  
However\nsome of your cookbooks may not be as generous.\n\n## Resources and Providers\n\n### known_hosts\n\n#### Actions\n\n\u003ctable\u003e\n  \u003cthead\u003e\n    \u003ctr\u003e\n      \u003cth\u003eAction\u003c/th\u003e\u003cth\u003eDescription\u003c/th\u003e\u003cth\u003eDefault\u003c/th\u003e\n    \u003c/tr\u003e\n  \u003c/thead\u003e\n  \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003ctd\u003eadd\u003c/td\u003e\n      \u003ctd\u003eAdds an entry for the given host to a `known_hosts` file\u003c/td\u003e\n      \u003ctd\u003eYes\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003eremove\u003c/td\u003e\n      \u003ctd\u003eRemoves entries for a host from a `known_hosts` file\u003c/td\u003e\n      \u003ctd\u003e\u0026nbsp;\u003c/td\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n#### Attributes\n\n\u003ctable\u003e\n  \u003cthead\u003e\n    \u003ctr\u003e\n      \u003cth\u003eAttribute\u003c/th\u003e\u003cth\u003eDescription\u003c/th\u003e\u003cth\u003eDefault Value\u003c/th\u003e\n    \u003c/tr\u003e\n  \u003c/thead\u003e\n  \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003ctd\u003ehost\u003c/td\u003e\n      \u003ctd\u003e\n        \u003cb\u003eName attribute:\u003c/b\u003e the FQDN for a host to add to a `known_hosts` file\n      \u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003enil\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003eport\u003c/td\u003e\n      \u003ctd\u003e\n        The host's SSH port\n      \u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003e22\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003ehashed\u003c/td\u003e\n      \u003ctd\u003eA Boolean indicating if SSH is configured to use a hashed `known_hosts` file.\n      \u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003etrue\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003ekey\u003c/td\u003e\n      \u003ctd\u003eA full line 
to add to the file, instead of performing a lookup for the host.\n      \u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003enil\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003euser\u003c/td\u003e\n      \u003ctd\u003eA username to add the `known_hosts` entry for. If unspecified, the known_host will be added system-wide. \u003cb\u003eNote:\u003c/b\u003e if specified, the user\n        must already exist.\n      \u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003enil\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003epath\u003c/td\u003e\n      \u003ctd\u003eA full path to a known_hosts file. If used with the `user` attribute, this will take precedence over the path to a user's file, but the file will be created (if necessary) as that user.\n      \u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003enil\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n#### Example\n\n    ssh_known_hosts \"github.com\" do\n      hashed true\n      user 'webapp'\n    end\n\n\n### config\n\n#### Actions\n\n\u003ctable\u003e\n  \u003cthead\u003e\n    \u003ctr\u003e\n      \u003cth\u003eAction\u003c/th\u003e\u003cth\u003eDescription\u003c/th\u003e\u003cth\u003eDefault\u003c/th\u003e\n    \u003c/tr\u003e\n  \u003c/thead\u003e\n  \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003ctd\u003eadd\u003c/td\u003e\n      \u003ctd\u003eAdds an entry for the given host to a `ssh_config` file\u003c/td\u003e\n      \u003ctd\u003eYes\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003eremove\u003c/td\u003e\n      \u003ctd\u003eRemoves entries for a host from a `ssh_config` file\u003c/td\u003e\n      \u003ctd\u003e\u0026nbsp;\u003c/td\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n#### Attributes\n\n\u003ctable\u003e\n  \u003cthead\u003e\n    \u003ctr\u003e\n      
\u003cth\u003eAttribute\u003c/th\u003e\u003cth\u003eDescription\u003c/th\u003e\u003cth\u003eDefault Value\u003c/th\u003e\n    \u003c/tr\u003e\n  \u003c/thead\u003e\n  \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003ctd\u003ehost\u003c/td\u003e\n      \u003ctd\u003e\n        \u003cb\u003eName attribute:\u003c/b\u003e the string to match when connecting to a host. This can be an IP, FQDN (github.com), or contain wildcards (*.prod.corp)\n      \u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003enil\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003eoptions\u003c/td\u003e\n      \u003ctd\u003eA hash containing the key-values to write for the host in\n      \u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003etrue\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003euser\u003c/td\u003e\n      \u003ctd\u003eA username to add the `ssh_config` entry for. If unspecified, the entry will be added system-wide. \u003cb\u003eNote:\u003c/b\u003e if specified, the user\n        must already exist.\n      \u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003enil\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003epath\u003c/td\u003e\n      \u003ctd\u003eA full path to a ssh config file. If used with the `user` attribute, this will take precedence over the path to a user's file, but the file will be created (if necessary) as that user.\n      \u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003enil\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n#### Example\n\n    ssh_config \"github.com\" do\n      options 'User' =\u003e 'git', 'IdentityFile' =\u003e '/var/apps/github_deploy_key'\n      user 'webapp'\n    end\n\n### authorized_keys\nThe authorized_keys LWRP is considered _Beta_ due to the lack of tests for this resource.  
Use at your own risk,\nand feel free to submit a PR for adding more tests.\n\nAlso of important note, typically when SSH keys are generated, the resulting file will have the type, key, and a comment.\nThe typical comment is just the `username@host`.  This is __NOT__ part of the key.  When setting your attributes,\nplease be sure to set only the key in the `key` field.  See the example if you are still uncertain.\n\n#### Actions\n\n\u003ctable\u003e\n  \u003cthead\u003e\n    \u003ctr\u003e\n      \u003cth\u003eAction\u003c/th\u003e\u003cth\u003eDescription\u003c/th\u003e\u003cth\u003eDefault\u003c/th\u003e\n    \u003c/tr\u003e\n  \u003c/thead\u003e\n  \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003ctd\u003eadd\u003c/td\u003e\n      \u003ctd\u003eAdds an entry to the given user's authorized_keys file\u003c/td\u003e\n      \u003ctd\u003eYes\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003eremove\u003c/td\u003e\n      \u003ctd\u003eRemoves an entry from the given user's authorized_keys file\u003c/td\u003e\n      \u003ctd\u003e\u0026nbsp;\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003emodify\u003c/td\u003e\n      \u003ctd\u003eUpdates an existing entry to the user's authorized_keys file, but only if the indicated `key` is present\u003c/td\u003e\n      \u003ctd\u003e\u0026nbsp;\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n__* please note that there is no `name` attribute for this resource.  The name you assign is not used in the provider__\n\n#### Attributes\n\n\u003ctable\u003e\n  \u003cthead\u003e\n    \u003ctr\u003e\n      \u003cth\u003eAttribute\u003c/th\u003e\u003cth\u003eDescription\u003c/th\u003e\u003cth\u003eDefault Value\u003c/th\u003e\n    \u003c/tr\u003e\n  \u003c/thead\u003e\n  \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003ctd\u003etype\u003c/td\u003e\n      \u003ctd\u003e\n        A string representing the type of key.  
Options include `ssh-rsa, ssh-dss, ssh-ed25519` and others\n      \u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003essh-rsa\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003eoptions\u003c/td\u003e\n      \u003ctd\u003e\n        A hash containing the key-value pairs for options.  Binary options such as `no-port-forwarding` should have a value of `nil`\n      \u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003e{}\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003euser\u003c/td\u003e\n      \u003ctd\u003e\n        The user for which this key should be added\n      \u003c/td\u003e\n      \u003ctd\u003enone - __REQUIRED__\u003c/td\u003e\n    \u003c/tr\u003e\n     \u003ctr\u003e\n      \u003ctd\u003ecomment\u003c/td\u003e\n      \u003ctd\u003e\n        a comment to add to this entry (generally the `username@host` is added as a comment, but this is not required)\n      \u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003e''\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003ekey\u003c/td\u003e\n      \u003ctd\u003e\n        the actual key\n      \u003c/td\u003e\n      \u003ctd\u003enone - __REQUIRED__\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n#### Example\n\n    ssh_authorized_keys \"for remote access\" do\n      options { 'cert-authority' =\u003e nil, :command =\u003e '/usr/bin/startup' }\n      user 'admin'\n      key 
'AAAAB3NzaC1yc2EAAAADAQABAAACAQDzB76TOkrDRaevO3I1qzosRXliAuYdjcMejHwwL5v2hRqTrBePlMW6nqz8/JgLTzHn/KxzkrKLb0GlpPDrJ1KByWGYZsfydUfv7n1+5ogoA7UW7dUc4DoQtGPuy4Xe0enr88VfALlT11aWKAw8K/I39zWiPvJNX3Mks0f3/3smjLaQEnDWWWiawp5YgzJmyzsqZFZrrFCUgv7AP1EjZofWUcRvYEEjMhKsK+G2H2VCN7MpH0cJ97E0bKNQjHBrwGyMLQZUOndGakCuOuTLpikOXSpUUz5LwqCiRIj6iUtWevwk+AYLZwxPYQpCxFceVFDhPDaJQ85vweSq+HEg7hRujq9jO7vM9LIgjqg7fwQ2Ql6zO9NjXv2UalzBi0H2AbKT1V/PpNufPgolyb/dK7Jqpqu7Ytggctl2fGyLe8yVaC9gD+/BBeCl82LZI142kdXmf4WYcZgOgcRgGJrbSZjeMzX6zZpiD1AG3T7xyEn2twmC/TqptmQEAG2BBzGum+S6pU0rnOt2UJngRnviK2vptAWtRlSlsopySOXv+VbqUXhRjHRT/+2nq5Q4BWcjsZaaoo1uWh2glATRnGK995A1zJ3gWrBA+IaC6stKzjSG0KPwLjzHfPKbWjDX76D/qdo0qBN5hBiHDRfmiNqpNYS9NHACDZNVPBS5N1d5BUkyKw=='\n      type 'ssh-rsa'\n      comment 'gdidy@coolman.com'\n    end\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarkolson%2Fchef-ssh","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmarkolson%2Fchef-ssh","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarkolson%2Fchef-ssh/lists"}