SSHbase: support encryption of generated ssh keys

author: Chris St. Pierre <chris.a.st.pierre@gmail.com> 2013-10-07 09:51:59 -0400
committer: Chris St. Pierre <chris.a.st.pierre@gmail.com> 2013-10-07 09:51:59 -0400
commit: 45863fb1d059b420fef3739acb75e15d234f30e3 (patch)
tree: 79af358133fbb32179b3ee9e51fb761c863dda31 /doc
parent: 57aa79fa5acf676694e6d653d9d04753383723fb (diff)
download: bcfg2-45863fb1d059b420fef3739acb75e15d234f30e3.tar.gz
bcfg2-45863fb1d059b420fef3739acb75e15d234f30e3.tar.bz2
bcfg2-45863fb1d059b420fef3739acb75e15d234f30e3.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/doc/server/plugins/generators/sshbase.txt b/doc/server/plugins/generators/sshbase.txt
index 2b6c8640b..641b9c598 100644
--- a/doc/server/plugins/generators/sshbase.txt
+++ b/doc/server/plugins/generators/sshbase.txt
@@ -160,6 +160,17 @@ in order to permit :ref:`pulling with bcfg2-admin
 <server-admin-pull>`.  You should almost certainly set ``sensitive``
 to "true" in ``info.xml``.
 
+Encryption
+==========
+
+SSHbase can optionally encrypt the private keys that it generates.  To
+enable this feature, set the ``passphrase`` option in the
+``[sshbase]`` section of ``bcfg2.conf`` to the name of the passphrase
+that should be used to encrypt all SSH keys.  (The passphrases are
+enumerated in the ``[encryption]`` section.)  See
+:ref:`server-encryption` for more details on Bcfg2 encryption in
+general.
+
 Blog post
 =========
author	Chris St. Pierre <chris.a.st.pierre@gmail.com>	2013-10-07 09:51:59 -0400
committer	Chris St. Pierre <chris.a.st.pierre@gmail.com>	2013-10-07 09:51:59 -0400
commit	45863fb1d059b420fef3739acb75e15d234f30e3 (patch)
tree	79af358133fbb32179b3ee9e51fb761c863dda31 /doc
parent	57aa79fa5acf676694e6d653d9d04753383723fb (diff)
download	bcfg2-45863fb1d059b420fef3739acb75e15d234f30e3.tar.gz bcfg2-45863fb1d059b420fef3739acb75e15d234f30e3.tar.bz2 bcfg2-45863fb1d059b420fef3739acb75e15d234f30e3.zip