holo-ssh-keys - Holo plugin to provision .ssh/authorized_keys
This plugin provisions SSH keys into the $HOME/.ssh/authorized_keys of a user. Key files are found at /usr/share/holo/ssh-keys/$user/$ident.pub, where $user is the name of the user whose authorized_keys will be edited. Each key file is an entity within Holo, with the entity name ssh-keyset:$user/$ident. For example:
$ holo scan ssh-keyset:john-doe/login
ssh-keyset:john-doe/login
found in /usr/share/holo/ssh-keys/john-doe/login.pub
key is 2048 SHA256:vogJG+8rxIB80hEp8OCJLUQgtfOajXHudPp6YvDvY8W john@example.org (RSA)The last information line contains the output of ssh-keygen -l. If the file contains multiple public keys, there will appear one such line per key.
The format of SSH public key files is documented in sshd(8) in the section authorized_keys file format.
When a key file is applied, all keys in it will be added to .ssh/authorized_keys (unless already present). To track which keys were provisioned by Holo, the comment field of the key is replaced by holo=$entity_name.
Applying a key file entity will also remove all keys from .ssh/authorized_keys which are tagged with this entity name, but are not present in the resource file for this entity. Keys can thus be replaced in or removed from the key file, and all changes will be propagated into .ssh/authorized_keys automatically (without requiring --force).
holo(8) provides the user interface for using this plugin.
Stefan Majewsky
Further documentation is available at the project homepage: https://holocm.org
Please report any issues and feature requests at GitHub: https://github.com/holocm/holo/issues