author: Sol Jerome <solj@ices.utexas.edu> 2010-02-01 02:28:39 +0000
committer: Sol Jerome <solj@ices.utexas.edu> 2010-02-01 02:28:39 +0000
commit: ad377a77ed88a8a4b0615dd2d2e984bef5b15d93
tree: d14452a1ab4d77ffe1fb65cc989c4bc2d9acbff9 /doc/server/plugins/generators/sshbase.txt
parent: 31a9fbebcbcc0aafed741fa48b253163bcae2c69
doc: Add server/reports sections
Signed-off-by: Sol Jerome <solj@ices.utexas.edu>
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5709 ce84e21b-d406-0410-9b95-82705330c041
Diffstat (limited to 'doc/server/plugins/generators/sshbase.txt')
-rw-r--r-- doc/server/plugins/generators/sshbase.txt 40
1 files changed, 40 insertions, 0 deletions
diff --git a/doc/server/plugins/generators/sshbase.txt b/doc/server/plugins/generators/sshbase.txt
new file mode 100644
index 000000000..21d4117fa
--- /dev/null
+++ b/doc/server/plugins/generators/sshbase.txt
@@ -0,0 +1,40 @@
+.. -*- mode: rst -*-
+
+.. _server-plugins-generators-sshbase:
+
+=======
+SSHbase
+=======
+
+SSHbase is a purpose build bcfg2 plugin for managing ssh host keys. It is responsible for making ssh keys persist beyond a client rebuild and building a proper ssh_known_hosts file, including a correct localhost record for the current system.
+
+It has two functions:
+
+* Generating new ssh keys -- When a client requests a dsa, rsa, or v1 key, and there is no existing key in the repository, one is generated.
+* Maintaining the ssh_known_hosts file -- all current known public keys (and extra public key stores) are integrated into a single ssh_known_hosts file, and a localhost record for the current client is added. The ssh_known_hosts file data is updated whenever any keys change, are added, or deleted.
+
+Interacting with SSHbase
+========================
+
+* Pre-seeding with existing keys -- Currently existing keys will be overwritten by new, sshbase-managed ones by default. Pre-existing keys can be added to the repository by putting them in <repo>/SSHbase/<key filename>.H_<hostname>
+* Pre-seeding can also be performed using bcfg2-admin pull ConfigFile /name/of/ssh/key
+* Revoking existing keys -- deleting <repo>/SSHbase/\*.H_<hostname> will remove keys for an existing client.
+
+Aliases
+=======
+
+SSHbase has support for Aliases listed in clients.xml. The address for the entries are specified either through DNS (e.g. a CNAME), or via the address attribute to the Alias.
+
+Getting started
+===============
+
+#. Add SSHbase to the generators line (plugins line in 1.0 or greater) in /etc/bcfg2.conf and restart the server -- This enables the SSHbase plugin in the bcfg2 server.
+#. Add Path entries for /etc/ssh/ssh_known_hosts, and /etc/ssh/ssh_host_dsa_key, etc to a bundle or base.
+#. Enjoy.
+
+At this point, SSHbase will generate new keys for any client without a recorded key in the repository, and will generate an ssh_known_hosts file appropriately.
+
+Blog post
+=========
+
+http://www.ducea.com/2008/08/24/using-the-bcfg2-sshbase-plugin/
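Review bot: The "Getting started" list enables the plugin in step 1 with no pre-seeding step, while the "Interacting with SSHbase" section states "Currently existing keys will be overwritten by new, sshbase-managed ones by default". An admin who follows the numbered steps on already-deployed clients will have their host keys replaced, and every user connecting afterwards gets a host-key-changed warning, which teaches people to ignore that warning. Suggest adding a step before enabling the plugin that points at the two pre-seeding bullets (<repo>/SSHbase/<key filename>.H_<hostname>, or bcfg2-admin pull ConfigFile /name/of/ssh/key). The document should also say that <repo>/SSHbase ends up holding private host keys (the Path entries in step 2 include /etc/ssh/ssh_host_dsa_key) and give a sentence on restricting read access to that directory. In the "Revoking existing keys" bullet, state what happens on the client's next request; per the first bullet list a new key is generated when none exists in the repository, so deletion is effectively a rotation and that should be spelled out. Minor: "purpose build" in the opening sentence should read "purpose-built".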