author | Sol Jerome <solj@ices.utexas.edu> | 2009-12-29 04:19:02 +0000 |
---|---|---|
committer | Sol Jerome <solj@ices.utexas.edu> | 2009-12-29 04:19:02 +0000 |
commit | bd0204ecb1fb80cdf36af0f57b72e84445c1a088 (patch) | |
tree | 930345633221d9fda156140fb494d739a0484f85 /doc/plugins/generators/sshbase.txt | |
parent | d61a93ac7451be4eedb07f93d507b67d6af7b025 (diff) | |
doc: Rearrange plugin document structure
Signed-off-by: Sol Jerome <solj@ices.utexas.edu>
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5636 ce84e21b-d406-0410-9b95-82705330c041
Diffstat (limited to 'doc/plugins/generators/sshbase.txt')
-rw-r--r-- | doc/plugins/generators/sshbase.txt | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/doc/plugins/generators/sshbase.txt b/doc/plugins/generators/sshbase.txt new file mode 100644 index 000000000..65fe1cca7 --- /dev/null +++ b/doc/plugins/generators/sshbase.txt 
@@ -0,0 +1,38 @@ +.. -*- mode: rst -*- + +======= +SSHbase +======= + +SSHbase is a purpose build bcfg2 plugin for managing ssh host keys. It is responsible for making ssh keys persist beyond a client rebuild and building a proper ssh_known_hosts file, including a correct localhost record for the current system. + +It has two functions: + +* Generating new ssh keys -- When a client requests a dsa, rsa, or v1 key, and there is no existing key in the repository, one is generated. +* Maintaining the ssh_known_hosts file -- all current known public keys (and extra public key stores) are integrated into a single ssh_known_hosts file, and a localhost record for the current client is added. The ssh_known_hosts file data is updated whenever any keys change, are added, or deleted. + +Interacting with SSHbase +======================== + +* Pre-seeding with existing keys -- Currently existing keys will be overwritten by new, sshbase-managed ones by default. Pre-existing keys can be added to the repository by putting them in <repo>/SSHbase/<key filename>.H_<hostname> +* Pre-seeding can also be performed using bcfg2-admin pull ConfigFile /name/of/ssh/key +* Revoking existing keys -- deleting <repo>/SSHbase/\*.H_<hostname> will remove keys for an existing client. + +Aliases +======= + +As of 1.0pre4, SSHbase has support for Aliases listed in clients.xml. The address for the entries are specified either through DNS (e.g. a CNAME), or via the address attribute to the Alias. + +Getting started +=============== + +#. Add SSHbase to the generators line (plugins line in 1.0 or greater) in /etc/bcfg2.conf and restart the server -- This enables the SSHbase plugin in the bcfg2 server. +#. Add ConfigFile entries for /etc/ssh/ssh_known_hosts, and /etc/ssh/ssh_host_dsa_key, etc to a bundle or base. +#. Enjoy. + +At this point, SSHbase will generate new keys for any client without a recorded key in the repository, and will generate an ssh_known_hosts file appropriately. 
+ +Blog post +========= + +[http://www.ducea.com/2008/08/24/using-the-bcfg2-sshbase-plugin/] |
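Review bot: The "Interacting with SSHbase" bullets direct admins to store keys as <repo>/SSHbase/<key filename>.H_<hostname>, and the "Getting started" step binds /etc/ssh/ssh_host_dsa_key, so private host keys for every client live in the repository, yet the document says nothing about restricting access to that directory. Add a sentence stating that <repo>/SSHbase must be readable only by the account running the bcfg2 server. In the same list, "Currently existing keys will be overwritten by new, sshbase-managed ones by default" is a destructive default mentioned only in passing; it belongs in a reST warning placed before the "Getting started" steps, with the pre-seeding instructions as the way to avoid it, so that it is read before the plugin is enabled. The "Revoking existing keys" bullet should also say what the final paragraph implies, namely that a client whose files were deleted gets freshly generated keys on its next run. Smaller points: "purpose build" in the opening paragraph should read "purpose-built", "The address for the entries are specified" should be "is specified", and the "Blog post" entry uses wiki-style brackets around the URL rather than a reST hyperlink.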