Managing users' SSH access
A sensible approach to access control for servers is to use named user accounts with passphrase-protected SSH keys, rather than having users share an account with a widely known password. Puppet makes this easy to manage thanks to the built-in ssh_authorized_key type.
To combine this with virtual users, as described in the previous section, you can create a define which includes both the user and ssh_authorized_key resources. This will also come in useful for adding customization files and other per-user resources.
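An added example, not from the book: the ssh_authorized_key type takes the key type and the base64 key body as separate attributes, so a pasted public-key line has to be split before it goes into a manifest. This Python helper splits the line, checks that the body really carries the stated key type, and renders the matching resource; the function names, the accepted-type list and the sample key are assumptions made up for illustration.

```python
import base64
import re
import struct

# Accepted key types: an assumption for this example, extend as needed.
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def split_public_key(line):
    """Split '<type> <base64> [comment]' and check the body matches the type."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, body = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    if key_type not in ALLOWED_TYPES:
        raise ValueError("unsupported key type: %r" % key_type)
    blob = base64.b64decode(body, validate=True)  # raises ValueError if bad
    if len(blob) < 4:
        raise ValueError("key body too short")
    # The decoded body begins with a length-prefixed algorithm name.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("type field does not match key body")
    return key_type, body, comment

def render_resource(user, line):
    """Return a Puppet ssh_authorized_key declaration for one user and key."""
    if not re.fullmatch(r"[a-z_][a-z0-9_-]*", user):
        raise ValueError("unexpected characters in user name")
    key_type, body, comment = split_public_key(line)
    # Resource title: the key comment with anything unusual replaced.
    title = re.sub(r"[^A-Za-z0-9@._-]", "_", comment) or user
    return ("ssh_authorized_key { '%s':\n"
            "  ensure => present,\n"
            "  user   => '%s',\n"
            "  type   => '%s',\n"
            "  key    => '%s',\n"
            "}\n" % (title, user, key_type, body))

def constructed_sample():
    """Constructed key line: all-zero ed25519 key, not a real credential."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 %s alice@example" % base64.b64encode(blob).decode()

if __name__ == "__main__":
    print(render_resource("alice", constructed_sample()))
```

A line whose type field and key body disagree, a common result of a bad copy and paste, is rejected before it reaches a manifest.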
How to do it…
Follow these steps to extend your virtual users class to include SSH access:
Modify your modules/user/manifests/virtual.pp file as follows (if you haven't created this yet, work through the Managing users with virtual resources section first):

class user::virtual {
  define ssh_user($key) {
    user { $name:
      ensure     => present,
      managehome => true,
    }
    file { "/home/${name}/.ssh":
      ensure => directory,
      mode =>...