Managing users' SSH access
A sensible approach to access control for servers is to use named user accounts with passphrase-protected SSH keys, rather than having users share an account with a widely known password. Puppet makes this easy to manage thanks to the built-in ssh_authorized_key
type.
To combine this with virtual users, as described in the previous section, you can create a define
, which includes both the user
and ssh_authorized_key
resources. This will also come in handy when adding customization files and other resources to each user.
How to do it...
Follow these steps to extend your virtual users' class to include SSH access:
Create a new module
ssh_user
to contain ourssh_user
definition. Create themodules/ssh_user/manifests/init.pp
file as follows:define ssh_user($key,$keytype) { user { $name: ensure => present, } file { "/home/${name}": ensure => directory, mode => '0700', owner => $name, require => User["$name"] } file {...