claviger manages the SSH authorized_keys files for you.
Tell claviger which keys you want to put on which server by creating a ~/.claviger-file. An example
keys:
laptop: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINYZEwjtu8w9Hsvx85TlYE95MLV9Whc3N1ajrH7+gu7A
desktop: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICUef9frJIX7tjvZkYYMtr4IdD/GcKz6/X5qvLxM1Z8O desktop
work: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrycv44eyFwWJ7QQsGOnjEiAsFSdxIoAEzBPSO/AQB5 work
servers:
myprivateserver.com:
user: myusername
present:
- laptop
- desktop
root@myotherserver.com:
like: myprivateserver.com
present:
- work
keepOtherKeys: false
workuser@workserver.com:
present:
- work
- desktop
absent:
- laptopThen run claviger. By default claviger only tells which changes it wants to make, but does not make them. If the changes seem fine, run claviger -f, which allows claviger to make changes.
To install claviger, simply run:
pip install clavigerA .claviger is written in YAML. It consists of two maps: the keys map and the servers map.
servers:
server_key:
# ... (server stanza)
server_key2:
# ... (server stanza)
keys:
key_name: # ... (ssh public key)
key_name2: # ... (ssh public key)As seen in the example at the top, the keys map has as values SSH public keys as they would appear in an authorized_keys file.
The servers map consists of key-stanza pairs. Each stanza is a map of option name/value pairs, like:
server_key:
option_name: option_value
option_name2: option_value
# ...See below for the available options in the server-stanza's.
The key of a server stanza is of the following form:
[user@]hostname[:port]Examples of keys are
just-a-hostname.nluser@some-server.comsome-server.nl:1234user@and-port.com:22022
You can also specify user, hostname and port explicitly. See below.
If a server key starts with a dollar sign (for instance $work), then it is considered abstract --- see below.
A server stanza is a map which may have the following entries.
|
The name of the server. Default: stanza key. |
|
The hostname of the server. Default: derived from stanza key. |
|
The user for which to manage the authorized_keys fileDefault: root if not derived from stanza key. |
|
A list of key names that must be in the authorized_keys file.Default: the empty list [] |
|
A list of SSH-keys that should be removed from the authorized_keys file.Default: the empty list [] |
|
true or false. If set to false, claviger will remove all keys not explicitly allowed form the authorized_keys file.Default: true. |
|
A list of SSH-keys that are also allowed to be in the authorized_keys file if keepOtherKeys is set to false. These keys will not be added, if not present already.Default: the empty list [] |
|
Name of another server stanza. If set, the entries of the other server stanza will be used as default values for this server stanza. Default: $default |
|
The user to use to get and put the authorized_keys file.Default: the same as user |
|
The port to use to connect to the server. Default: 22. |
|
true or false. If set to true, claviger will not check this server. See below.Default: false |
claviger will not check an abstract server. This is useful to cleanly configure multiple server.
servers:
$mine:
keepOthers: false
present:
- my_first_key
- my_second_key
$work:
present:
- my_work_key
absent:
- my_first_key
my-first-server.tld:
like: $mine
my-second-server.tld:
like: $mine
alpha.at-work.tld:
like: $work
beta.at_work.tld:
like: $workBy default, server inherits from the hidden $default abstract server.
servers:
$default:
user: myname
present:
- this_key_is_put_everywhere
host1.tld: # will use myname as user
host2.tld: # "
root@host3.tld # will use root as user
host4.tld:
absent:
- this_key_is_put_everywhere # except here