NAME

holo-ssh-keys - Holo plugin to provision .ssh/authorized_keys

DESCRIPTION

This plugin provisions SSH keys into the $HOME/.ssh/authorized_keys of a user. Key files are found at /usr/share/holo/ssh-keys/$user/$ident.pub, where $user is the name of the user whose authorized_keys will be edited. Each key file is an entity within Holo, with the entity name ssh-keyset:$user/$ident. For example:

$ holo scan ssh-keyset:john-doe/login

ssh-keyset:john-doe/login
    found in /usr/share/holo/ssh-keys/john-doe/login.pub
      key is 2048 SHA256:vogJG+8rxIB80hEp8OCJLUQgtfOajXHudPp6YvDvY8W john@example.org (RSA)

The last information line contains the output of ssh-keygen -l. If the file contains multiple public keys, one such line appears per key.

The format of SSH public key files is documented in sshd(8) in the section authorized_keys file format.

Apply operation

When a key file is applied, all keys in it will be added to .ssh/authorized_keys (unless already present). To track which keys were provisioned by Holo, the comment field of the key is replaced by holo=$entity_name.

Applying a key file entity will also remove all keys from .ssh/authorized_keys which are tagged with this entity name, but are not present in the resource file for this entity. Keys can thus be replaced in or removed from the key file, and all changes will be propagated into .ssh/authorized_keys automatically (without requiring --force).
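
The reconciliation described above, as an added Python sketch (not Holo's own code). The function names, sample lines and placeholder key blobs are constructed for illustration, and leaving an already-present key with a different comment untouched is an assumption, since the page does not say how that case is handled.

```python
import re

# The key type token starts the key field; options (if any) precede it.
KEYTYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)")

def parse_key(line):
    """Return (keytype, blob, comment) for a key line, else None."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    for i, tok in enumerate(tokens[:-1]):
        if KEYTYPE.match(tok):
            return tok, tokens[i + 1], " ".join(tokens[i + 2:])
    return None

def apply_keyset(authorized, entity, key_file):
    """Reconcile authorized_keys lines with one key file entity."""
    tag = "holo=" + entity
    wanted = [p[:2] for p in map(parse_key, key_file) if p]
    result, present = [], set()
    for line in authorized:
        parsed = parse_key(line)
        if parsed:
            key, comment = parsed[:2], parsed[2]
            if comment == tag and key not in wanted:
                continue  # tagged for this entity but gone from the key file
            present.add(key)
        result.append(line)
    for key in wanted:
        if key not in present:
            present.add(key)
            result.append(f"{key[0]} {key[1]} {tag}")  # comment becomes the tag
    return result

# Constructed sample data; the key blobs are placeholders, not real keys.
ENTITY = "ssh-keyset:john-doe/login"
AUTHORIZED = [
    "# managed by hand",
    "ssh-ed25519 AAAAexampleMANUAL john@laptop",
    "ssh-ed25519 AAAAexampleOLD holo=ssh-keyset:john-doe/login",
    "ssh-ed25519 AAAAexampleOTHER holo=ssh-keyset:john-doe/backup",
]
KEY_FILE = [
    "ssh-ed25519 AAAAexampleNEW john@example.org",
    "ssh-ed25519 AAAAexampleMANUAL john@example.org",
]

if __name__ == "__main__":
    print("\n".join(apply_keyset(AUTHORIZED, ENTITY, KEY_FILE)))
```

Running the function a second time on its own output changes nothing, which is the property that lets key removals propagate without --force.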

SEE ALSO

holo(8) provides the user interface for using this plugin.

AUTHOR

Stefan Majewsky

Further documentation is available at the project homepage: https://holocm.org

Please report any issues and feature requests at GitHub: https://github.com/holocm/holo/issues