{"id":21745156,"url":"https://github.com/zuazo/ssh_authorized_keys-cookbook","last_synced_at":"2025-04-13T05:12:30.252Z","repository":{"id":25663869,"uuid":"29099531","full_name":"zuazo/ssh_authorized_keys-cookbook","owner":"zuazo","description":"Chef cookbook to create SSH authorized keys files in user home directories.","archived":false,"fork":false,"pushed_at":"2021-08-18T06:24:33.000Z","size":90,"stargazers_count":9,"open_issues_count":6,"forks_count":17,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-26T22:05:24.154Z","etag":null,"topics":["authorization","authorized-keys","chef","cookbook","devops","ssh"],"latest_commit_sha":null,"homepage":"https://supermarket.chef.io/cookbooks/ssh_authorized_keys","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zuazo.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-01-11T17:29:38.000Z","updated_at":"2022-07-25T04:56:38.000Z","dependencies_parsed_at":"2022-08-24T06:40:29.923Z","dependency_job_id":null,"html_url":"https://github.com/zuazo/ssh_authorized_keys-cookbook","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zuazo%2Fssh_authorized_keys-cookbook","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zuazo%2Fssh_authorized_keys-cookbook/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zuazo%2Fssh_authorized_keys-cookbook/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zuazo%2Fssh_authorized_keys-cookbook/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zuazo","download_url":"https://codeload.github.com/zuazo/ssh_authorized_keys-cookbook/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248665742,"owners_count":21142123,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorization","authorized-keys","chef","cookbook","devops","ssh"],"created_at":"2024-11-26T07:13:47.230Z","updated_at":"2025-04-13T05:12:30.230Z","avatar_url":"https://github.com/zuazo.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SSH Authorized Keys Cookbook\n\n[![Documentation](http://img.shields.io/badge/docs-rdoc.info-blue.svg?style=flat)](http://www.rubydoc.info/github/zuazo/ssh_authorized_keys-cookbook)\n[![GitHub](http://img.shields.io/badge/github-zuazo/ssh__authorized__keys--cookbook-blue.svg?style=flat)](https://github.com/zuazo/ssh_authorized_keys-cookbook)\n[![License](https://img.shields.io/github/license/zuazo/ssh_authorized_keys-cookbook.svg?style=flat)](#license-and-author)\n\n[![Cookbook Version](https://img.shields.io/cookbook/v/ssh_authorized_keys.svg?style=flat)](https://supermarket.chef.io/cookbooks/ssh_authorized_keys)\n[![Dependency Status](https://img.shields.io/librariesio/github/zuazo/ssh_authorized_keys-cookbook)](https://libraries.io/github/zuazo/ssh_authorized_keys-cookbook#dependencies)\n[![Code Climate maintainability](https://img.shields.io/codeclimate/maintainability/zuazo/ssh_authorized_keys-cookbook)](https://codeclimate.com/github/onddo/ssh_authorized_keys-cookbook)\n[![Build Status](https://img.shields.io/travis/zuazo/ssh_authorized_keys-cookbook.svg?style=flat)](https://travis-ci.org/zuazo/ssh_authorized_keys-cookbook)\n[![Coverage Status](https://img.shields.io/coveralls/zuazo/ssh_authorized_keys-cookbook.svg?style=flat)](https://coveralls.io/r/zuazo/ssh_authorized_keys-cookbook?branch=master)\n[![Inline docs](https://inch-ci.org/github/zuazo/ssh_authorized_keys-cookbook.svg?branch=master\u0026style=flat)](https://inch-ci.org/github/zuazo/ssh_authorized_keys-cookbook)\n\n[Chef](https://www.chef.io/) cookbook to create SSH authorized keys files in user home directories.\n\nTries to avoid generating a corrupt file that could render your server inaccessible.\n\n## Requirements\n\n### Supported Platforms\n\nThis cookbook has been tested on the following platforms:\n\n* AIX\n* Amazon Linux\n* Debian\n* CentOS\n* Fedora\n* FreeBSD\n* openSUSE\n* Oracle\n* RedHat\n* SUSE\n* Ubuntu\n\nPlease, [let us know](https://github.com/zuazo/ssh_authorized_keys-cookbook/issues/new?title=I%20have%20used%20it%20successfully%20on%20...) if you use it successfully on any other platform.\n\n### Required Applications\n\n* Chef `14` or higher.\n* Ruby `2.5` or higher.\n\n## Definitions\n\n### ssh_authorize_key\n\nAuthorize a key for public key authentication using SSH.\n\n**Warning:** This definition uses the [Accumulator Pattern](http://docs.chef.io/definitions.html#many-recipes-one-definition). This implies that any SSH key added using other methods (such as **keys added by hand**) will be **deleted**.\n\n### ssh_authorize_key Properties\n\n| Property     | Default           | Description                              |\n|:-------------|:------------------|:-----------------------------------------|\n| user         | `nil`             | System user **(required)**.              |\n| group        | user              | System group.                            |\n| home         | *calculated*      | System user home path.                   |\n| key          | `nil`             | SSH public key in base64 **(required)**. |\n| keytype      | `'ssh-rsa'`       | SSH key type.                            |\n| comment      | *definition name* | SSH key comment.                         |\n| options      | `nil`             | SSH key options as a hash.               |\n| validate_key | `true`            | Enable/Disable assert_key                |\n\n## Usage Examples\n\nFirst of all, don't forget to include the `ssh_authorized_keys` cookbook as a dependency in the cookbook metadata:\n\n```ruby\n# metadata.rb\n# [...]\n\ndepends 'ssh_authorized_keys'\n```\n\nYou can use the `ssh_authorize_key` to authorize SSH public keys to use SSH public key authentication:\n\n```ruby\n# Bob is the admin here.\n\nssh_authorize_key 'bob@acme.com' do\n  key 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCctNyRouVDhzjiP[...]'\n  user 'root'\nend\n\nssh_authorize_key 'alice@acme.com' do\n  key 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCySLKbpFRGCrKU/[...]'\n  user 'alice'\nend\n```\n\n### Setting the SSH Key Options Field\n\nYou can set the options field as follows:\n\n```ruby\n# As the root user by default in ubuntu:\nssh_authorize_key 'bob@acme.com' do\n  key 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCctNyRouVDhzjiP[...]'\n  user 'root'\n  options(\n    'no-port-forwarding' =\u003e true,\n    'no-agent-forwarding' =\u003e true,\n    'no-X11-forwarding' =\u003e true,\n    command:\n      'echo \\'Please login as the user \"bob\" rather than the user \"root\".\\''\\\n      ';echo;sleep 10'\n  )\nend\n```\n\n### Reading the Keys from a Data Bag\n\nFor example, from the following data bag item:\n\n```json\n{\n  \"id\": \"users\",\n  \"bob@acme.com\": {\n    \"key\": \"AAAAB3NzaC1yc2EAAAADAQABAAABAQCctNyRouVDhzjiP[...]\",\n    \"user\": \"root\"\n  },\n  \"alice@acme.com\": {\n    \"key\": \"AAAAB3NzaC1yc2EAAAADAQABAAABAQCySLKbpFRGCrKU/[...]\",\n    \"user\": \"alice\"\n  }\n}\n```\n\nYou can read the data bag item from a recipe as follows:\n\n```ruby\nusers = data_bag_item('ssh', 'users')\nusers.delete('id')\n\nusers.each do |name, ssh_key|\n  ssh_authorize_key name do\n    key ssh_key['key']\n    user ssh_key['user']\n  end\nend\n```\n\nSee [the data bags DSL documentation](http://docs.chef.io/data_bags.html#load-with-dsl-recipe) for a more detailed explanation and [the data bags knife documentation](http://docs.chef.io/data_bags.html#using-knife-title) to learn how to create a data bag.\n\n## Attributes\n\n\nThese attributes are primarily intended to support the different platforms. Do not touch them unless you know what you are doing.\n\n| Attribute                                 | Default      | Description            |\n|:------------------------------------------|:-------------|:-----------------------|\n| `node['ssh_authorized_keys']['keytypes']` | *calculated* | Allowed SSH key types. |\n\n## Testing\n\n\nSee [TESTING.md](https://github.com/zuazo/ssh_authorized_keys-cookbook/blob/master/TESTING.md).\n\n## ChefSpec Tests\n\nTo create ChefSpec tests for the `ssh_authorize_key` definition, you can use the [`render_file`](http://www.rubydoc.info/github/sethvargo/chefspec#render_file) matcher to check the *authorized_keys* file content:\n\n```ruby\nit 'allows bob to login as root' do\n  expect(chef_run).to render_file('/root/.ssh/authorized_keys')\n    .with_content(/^ssh-rsa [A-Za-z0-9+\\/=]+ bob@acme\\.com$/)\nend\n```\n\nYou can also test against the internal template:\n\n```ruby\nit 'creates ~bob/.ssh/authorized_keys file' do\n  expect(chef_run).to create_template('/home/bob/.ssh/authorized_keys')\nend\n```\n\n## Contributing\n\n\nPlease do not hesitate to [open an issue](https://github.com/zuazo/ssh_authorized_keys-cookbook/issues/new) with any questions or problems.\n\nSee [CONTRIBUTING.md](https://github.com/zuazo/ssh_authorized_keys-cookbook/blob/master/CONTRIBUTING.md).\n\n## TODO\n\n\nSee [TODO.md](https://github.com/zuazo/ssh_authorized_keys-cookbook/blob/master/TODO.md).\n\n\n## License and Author\n\n|                      |                                          |\n|:---------------------|:-----------------------------------------|\n| **Author:**          | [Raul Rodriguez](https://github.com/raulr) (\u003craul@onddo.com\u003e)\n| **Author:**          | [Xabier de Zuazo](https://github.com/zuazo) (\u003cxabier@zuazo.org\u003e)\n| **Contributor:**     | [Ong Ming Yang](https://github.com/ongmingyang)\n| **Contributor:**     | [MVNW](https://github.com/MVNW)\n| **Contributor:**     | [Anthony Caiafa](https://github.com/acaiafa)\n| **Contributor:**     | [Benjamin M. Hughes](https://github.com/bmhughes)\n| **Contributor:**     | [Corey Hemminger](https://github.com/Stromweld)\n| **Copyright:**       | Copyright (c) 2015-2016, Xabier de Zuazo\n| **Copyright:**       | Copyright (c) 2015, Onddo Labs, SL.\n| **License:**         | Apache License, Version 2.0\n\n    Licensed under the Apache License, Version 2.0 (the \"License\");\n    you may not use this file except in compliance with the License.\n    You may obtain a copy of the License at\n\n        http://www.apache.org/licenses/LICENSE-2.0\n\n    Unless required by applicable law or agreed to in writing, software\n    distributed under the License is distributed on an \"AS IS\" BASIS,\n    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n    See the License for the specific language governing permissions and\n    limitations under the License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzuazo%2Fssh_authorized_keys-cookbook","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzuazo%2Fssh_authorized_keys-cookbook","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzuazo%2Fssh_authorized_keys-cookbook/lists"}