Add a salt-ssh config to use homedir RSA keys #32807
* upstream/develop:
  Add a salt-ssh config to use homedir RSA keys (saltstack#32807)
  Add code-block directives for bash-label formatting (saltstack#32797)
  hardcoded family in negative position calculation (saltstack#32793)
  Libcloud DNS execution module (saltstack#32694)
  Fix typo in thorium, keeping it from working (saltstack#32791)
  doc fix: correct CLI example for dnsmasq fullversion fun (saltstack#32788)
  Add pending reboot check to win_system (saltstack#32767)
  Append failed cmd in comments. (saltstack#32651)
  Execution module for PSGet ( the powershell module management library ) (saltstack#32687)
  Server Density agentv2 support (saltstack#32772)
  Add max_depth parameter to file.directory, fixes saltstack#31989 (saltstack#32463)
  Remove check_or_die for venv_bin (saltstack#32713)
  Add certificate binding to win_iis (saltstack#32700)
  Fix issue where pyVmomi 6.0.0 raises SSL errors on Debian 8.3 (saltstack#32760)
  Fix suse libcloud support/hack (saltstack#32744)
  Confidant sdb and ext_pillar support (saltstack#32757)
  Celery task execution module (saltstack#32766)
  Adding some additional checks to thorium/check.py
This fix allows only usage of an RSA key; what if I have a DSA key?
It would be pretty simple to have this check for a DSA key as well. You can also just configure
My initial idea was to simplify the config and, if we don't set anything explicitly, let ssh choose like it does when used directly.
We want the default to be salt-ssh's own generated keys. I'd be OK with having a config setting that instead used ssh's default search pattern, but it should not be the default.
Thanks for the clarification, @basepi. I'm sure you have strong reasons to implement this logic; I just want to note that for me and my colleagues, using default ssh keys without needing to explicitly list them in the config is more convenient.
Cool, yeah, I think just a config value to change that default behavior is probably the best way to go. Not sure how easy it will be to just defer to ssh for that key search, but it should be doable.
Thanks @basepi! This will be very helpful for us. Do you want me to file a separate issue regarding this option?
Yes please. Ping me on the new issue once it's created.
Done.
What does this PR do?
Add a salt-ssh configuration option to use homedir RSA keys by default.
New config option defaults to False. If set to True, salt-ssh will look
first for ~/.ssh/id_rsa and use that key for default authentication if
it exists.
What issues does this PR fix or reference?
#16196
Tests written?
No
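
The key selection described in this PR, written out as an added Python example; it is not salt-ssh's code. The names `select_priv_key`, `key_is_private` and `use_home_key` are hypothetical, the generated-key path is a constructed placeholder, and the file-mode check is an addition that the PR does not mention.

```python
import stat
import tempfile
from pathlib import Path


def key_is_private(path: Path) -> bool:
    """True if path is a regular file with no group/other permission bits."""
    try:
        mode = path.stat().st_mode
    except OSError:
        return False
    return stat.S_ISREG(mode) and (mode & 0o077) == 0


def select_priv_key(use_home_key: bool, generated_key: Path, home: Path) -> Path:
    """Pick the default private key (all three parameter names are hypothetical).
    use_home_key  -- stands in for the new boolean option, default False
    generated_key -- salt-ssh's own generated key; the caller supplies the path
    home          -- the invoking user's home directory
    """
    if use_home_key:
        candidate = home / ".ssh" / "id_rsa"  # only RSA; no DSA or other types
        if candidate.exists():
            # Added check, not from the PR: refuse a key others can read.
            if not key_is_private(candidate):
                raise PermissionError(f"{candidate} is accessible to group/other")
            return candidate
    return generated_key


def demo() -> dict:
    """Exercise the selection against a constructed home directory."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp) / "home"
        (home / ".ssh").mkdir(parents=True)
        generated = Path(tmp) / "salt-ssh.rsa"  # constructed placeholder path
        out = {"no_home_key": select_priv_key(True, generated, home) == generated}
        key = home / ".ssh" / "id_rsa"
        key.write_text("constructed placeholder, not a real key\n")
        key.chmod(0o600)
        out["option_off"] = select_priv_key(False, generated, home) == generated
        out["option_on"] = select_priv_key(True, generated, home) == key
        key.chmod(0o644)
        try:
            select_priv_key(True, generated, home)
            out["loose_mode_rejected"] = False
        except PermissionError:
            out["loose_mode_rejected"] = True
        return out
```

Raising on a loosely permissioned home key, rather than silently falling back to the generated key, is a design choice of this example so that the operator sees why the expected key was not used.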