Jonas Genannt

The last years I have used several tools to distribute the public ssh keys of my users across the servers but they don't fit anymore. I use puppet for my infrastructure but the build in puppet feature ssh_authorized_key does not fit.

I have different users across my servers and same users on many servers (e.g. web farms).

One public ssh key can be an member of:

• an ssh public key group that is mapped to an user on an server


• an ssh public key group that is mapped to an user on an sever group


• an user mapped to an server


• an user mapped to an server group

I have created an Webapp with an ajax interface. You can drag & drop the ssh key groups or ssh keys to an user.

The key will be deployed via an puppet parser function, you need the storeconfig feature in puppet.

The webapp has got an own database (postgres) but you can merge the puppet storeconfig database to the server manager database (via an rake task). If you specify an regular expression on your server groups, an new merged server will be automatically added to the group and on the next run of puppet the keys from the server group will be deployed without any action from you.

Puppet stuff:

• puppet module


• puppet function to fetch the keys from the webapp


• fact to fetch existing users on the servers (not needed, but features auto complete in the app)

drag & drop the ssh keys or the ssh key groups from right to left into the users on the servers or server groups

public ssh key distribution with puppet and ajax interface from Jonas on Vimeo.