  • Sam at Aug 10, 2015 at 9:34 pm
    Morning all,

    Currently trying to find a way to orchestrate the ssh key generation and exchange of two servers that I'm provisioning.

    My first thought was to generate a key on each server using the standard 'ssh-keygen -t rsa -q -N '' -b 4096 -f /root/.ssh/id_rsa' and then capture that into mine somehow. This could then be appended on the other server using file.

    Rough PoC is here, but I get the feeling I'm using mine incorrectly:

    http://p.rig.gr/raqigolave.sm

    Would this be seen as a sensible way of going about this task, or am I massively overcooking it?

    Any help appreciated,

    Cheers

    Sam

    --
    You received this message because you are subscribed to the Google Groups "Salt-users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.
  • Arnold Bechtoldt at Aug 11, 2015 at 7:29 pm
    AFAIR I've created ssh.modules.user_keys() for this particular use case.

    http://docs.saltstack.com/en/develop/ref/modules/all/salt.modules.ssh.html#salt.modules.ssh.user_keys


    My implementation:

    collect:
    https://github.com/bechtoldt/saltstack-opennebula-formula/blob/master/opennebula/orchestrate.sls#L54
    deploy:
    https://github.com/bechtoldt/saltstack-opennebula-formula/blob/master/opennebula/orchestrate.sls#L61

    See also
    https://github.com/bechtoldt/saltstack-opennebula-formula/blob/master/pillar.example.sls


    Hope this helps a bit.


    --
    Arnold Bechtoldt

    +arnoldbechtoldt • arnoldB@IRC • @bechtoldt • arbe.io
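
One way to wire up the Salt Mine exchange discussed in the posts above, as an added example (not code from the thread or from the linked formula). File paths, state IDs, the `server*` target and the mine alias `root_ssh_pubkeys` are assumptions. `prvfile: False` matters because `ssh.user_keys` otherwise returns private keys as well, and mine data can be fetched by other minions.

```yaml
# Added example; paths, IDs, the 'server*' target and the mine alias
# are assumptions. Each "# file:" comment starts a separate file.

# file: pillar/ssh_mine.sls (publish only the public half to the mine)
mine_functions:
  root_ssh_pubkeys:
    mine_function: ssh.user_keys
    user: root
    prvfile: False   # without this, private keys are returned too

# file: salt/ssh_exchange/keygen.sls (each server creates its key once)
generate_root_key:
  cmd.run:
    - name: ssh-keygen -t rsa -q -N '' -b 4096 -f /root/.ssh/id_rsa
    - creates: /root/.ssh/id_rsa

# file: salt/ssh_exchange/authorize.sls (trust every peer's public key)
{% for peer, users in salt['mine.get']('server*', 'root_ssh_pubkeys').items() %}
{% set pub = users.get('root', {}).get('id_rsa.pub') %}
{% if pub and peer != grains['id'] %}
authorize_root_from_{{ peer }}:
  ssh_auth.present:
    - name: {{ pub | yaml_dquote }}
    - user: root
{% endif %}
{% endfor %}

# file: salt/orch/ssh_exchange.sls
# run with: salt-run state.orchestrate orch.ssh_exchange
generate_keys:
  salt.state:
    - tgt: 'server*'
    - sls: ssh_exchange.keygen

refresh_mine:
  salt.function:
    - name: mine.update
    - tgt: 'server*'
    - require:
      - salt: generate_keys

authorize_peers:
  salt.state:
    - tgt: 'server*'
    - sls: ssh_exchange.authorize
    - require:
      - salt: refresh_mine
```

Key generation and authorization are split into two SLS files because the `mine.get` call is rendered before any state in the same file runs, so the orchestration forces the order: generate, refresh the mine, then authorize.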
  • Shane Gibson at Aug 11, 2015 at 3:19 pm
    Have you looked at the cp modules? You can generate the SSH keys on the
    saltmaster, and use the cp functions to push them to your minions:

       http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cp.html#salt.modules.cp.get_file

    There are a number of other functions in that doc tree that might be
    interesting to you. In addition, you can copy *from* the minion to the
    master (note possible security issue; requires changing the saltmaster
    config file to support this feature), see cp.push:

       http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cp.html#salt.modules.cp.push

    ~~shane

  • Florian Ermisch at Aug 11, 2015 at 5:48 pm
    They're base64 encoded so you also generate them on the master and include them in the host's pillar.
    The private part only in the minion's own pillar, the public part in everyone's pillar.

    Regards, Florian

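
The pillar layout described in the post above, as an added example (not code from the thread): the pillar top file hands each private key only to the minion that owns it, while the public halves go to every minion. The minion IDs `server1` and `server2`, the pillar key names and the file paths are assumptions, and key material is shown as placeholders.

```yaml
# Added example; minion IDs, pillar keys and paths are assumptions.
# Each "# file:" comment starts a separate file.

# file: pillar/top.sls (scope each private key to its owning minion)
base:
  '*':
    - ssh.public_keys          # public halves, readable by every minion
  'server1':
    - ssh.private.server1      # private half, server1 only
  'server2':
    - ssh.private.server2      # private half, server2 only

# file: pillar/ssh/public_keys.sls
ssh_public_keys:
  server1: ssh-rsa <PUBLIC-KEY-PLACEHOLDER> root@server1
  server2: ssh-rsa <PUBLIC-KEY-PLACEHOLDER> root@server2

# file: pillar/ssh/private/server1.sls (server2.sls has the same shape)
ssh_private_key: |
  -----BEGIN RSA PRIVATE KEY-----
  <PRIVATE-KEY-PLACEHOLDER>
  -----END RSA PRIVATE KEY-----

# file: salt/ssh_keys/init.sls (applied to both servers)
/root/.ssh/id_rsa:
  file.managed:
    - contents_pillar: ssh_private_key
    - user: root
    - group: root
    - mode: '0600'
    - makedirs: True
    - dir_mode: '0700'
    - show_changes: False      # keep the key out of state output

{% for host, pubkey in pillar.get('ssh_public_keys', {}).items() %}
{% if host != grains['id'] %}
authorize_root_from_{{ host }}:
  ssh_auth.present:
    - name: {{ pubkey | yaml_dquote }}
    - user: root
{% endif %}
{% endfor %}
```

Running `salt 'server2' pillar.get ssh_private_key` after a pillar refresh should return only server2's own key, which is a quick check that the top file targeting is not wider than intended.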

Discussion Overview
group: salt-users @
posted: Aug 10, '15 at 12:54p
active: Aug 11, '15 at 7:29p
posts: 5
users: 5