Roster - salt-ssh with public key #38680

sumeetisp opened this Issue Jan 11, 2017 · 4 comments



Description of Issue/Question

I was trying out Salt-ssh, which requires a roster file, which was present at /etc/salt/roster.
My question is regarding ssh to a masterless minion using the public key of the minion.

The roster file structure given at
does not specify any parameter to specify public key to ssh into the minion for the first time.

It only provides parameters for username and password. Is there any way to use public key instead of password?

@sumeetisp sumeetisp changed the title from Roster - ssh with public key to Roster - salt-ssh with public key Jan 11, 2017
Ch3LL commented Jan 11, 2017

@sumeetisp I believe what you might be looking for is the ssh private key, which you can specify in the roster file with: priv: /path/to/key

@Ch3LL Ch3LL added the Question label Jan 11, 2017
@Ch3LL Ch3LL added this to the Approved milestone Jan 11, 2017

I guess priv is not the correct parameter. As per the description for priv, which is as follows,
priv: # File path to ssh private key, defaults to salt-ssh.rsa
# The priv can also be set to agent-forwarding to not specify
# a key, but use ssh agent forwarding

It is a private key which will be deployed to the minion, and then subsequently the corresponding public key will be used.

Let me explain it in detail.
I have the following in my Roster file at /etc/salt/roster
user: ec2-user
priv: /tmp/somekey.ppk

Then I am using the following cmd,
salt-ssh -i minion1

Which takes me through the following,
salt-ssh -i minion1
Permission denied for host minion1, do you want to deploy the salt-ssh key? (password required):
[Y/n] y
Password for ec2-user@minion1:

My question is: instead of using a password to authenticate for the very first time, when I am running the salt-ssh cmd, can a public key of the minion be used to authenticate?

The priv parameter is used to deploy a key after this first time auth has been done.


Any solution to the above issue?


Please let me know if I was unable to explain the issue properly.
