Merge pull request #27484 from rallytime/bp-27434-and-27470

Back-port #27434 and #27470 to 2015.5
2024-11-07 08:58:59 +00:00 · 2015-09-29 09:32:03 -06:00 · 2015-09-29 09:32:03 -06:00 · 9c2c028953
commit 9c2c028953
parent 927874d316 5de2ee35ab
1 changed files with 36 additions and 0 deletions
--- a/doc/topics/ssh/index.rst
+++ b/doc/topics/ssh/index.rst
@ -60,6 +60,42 @@ address. A more elaborate roster can be created:
    sudo works only if NOPASSWD is set for user in /etc/sudoers:
    ``fred ALL=(ALL) NOPASSWD: ALL``

+Deploy ssh key for salt-ssh
+===========================
+
+By default, salt-ssh will generate key pairs for ssh, the default path will be
+/etc/salt/pki/master/ssh/salt-ssh.rsa
+
+You can use ssh-copy-id, (the OpenSSH key deployment tool) to deploy keys to your servers.
+
+.. code-block:: bash
+
+   ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa user@server.demo.com
+
+One could also create e a simple shell script, named salt-ssh-copy-id.sh as follows:
+
+.. code-block:: bash
+
+   #!/bin/bash
+   if [ -z $1 ]; then
+      echo $0 user@host.com
+      exit 0
+   fi
+   ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa $1
+
+
+.. note::
+
+Be certain to chmod +x salt-ssh-copy-id.sh.
+
+.. code-block:: bash
+
+   ./salt-ssh-copy-id.sh user@server1.host.com
+   ./salt-ssh-copy-id.sh user@server2.host.com
+
+Once keys are successfully deployed, salt-ssh can be used to control them.
+
+
 Calling Salt SSH
 ================