Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Add an enforce option to the ssh_auth state #13340
ssh_auth should be able to completely ensure the state of an authorized_keys file as well as adding and removing individual keys. It would be nice to have an enforce option (that defaults to false) that would fully manage an authorized_keys file.
I know it's possible to use file.managed for this, but then it's necessary to know the user's home directory, which may not be default.
Lack of this option makes this state relatively insecure to use. I doubt many people ensure that keys they need to remove are in a separate absent state, especially since most people loop over users from pillars. I bet lots of people are just leaving keys on systems when they think they're rotating them.
referenced this issue
Jun 24, 2016
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.