1 # create an ssh key for user
# Generates a key pair for ${user} with ssh-keygen when the `ssh_keys_users`
# fact has no "${keyfile}.pub" entry for that user.
# NOTE(review): the private key is created with an empty passphrase (-P ""),
# so it sits unencrypted on disk and is protected only by file permissions.
# NOTE(review): $keyfile is typed only as String, yet it is interpolated into
# the exec title, the ssh-keygen -f path and the onlyif test. A value holding
# "/", "..", quotes or shell metacharacters would change what those commands
# do. Consider a stricter type such as Pattern[/\A[A-Za-z0-9_.-]+\z/].
# The same applies to $user, whose declaration is not visible here; confirm
# it is validated before it reaches the shell.
4 String $keyfile = 'id_rsa',
6 if ! $facts['ssh_keys_users'] {
7 notify { 'We do not have an ssh_keys_users fact!':
10 } elsif ! $facts['ssh_keys_users'][$user] or ! $facts['ssh_keys_users'][$user]["${keyfile}.pub"] {
11 # We use su - rather than user => so that our pam config creates the homedir
12 # for the user if it does not yet exist.
# The command string is handed to the user's login shell by su -c, so the
# backticks in the -C key comment (whoami, hostname, date) run as ${user}.
# mkdir -m 02700 gives .ssh owner-only rwx plus the setgid bit.
# No -t or -b is passed, so key type and size are whatever the installed
# ssh-keygen defaults to; the 'id_rsa' file name does not force RSA.
# onlyif makes the exec run only when getent finds ${user} in the passwd
# database and the private key file does not exist yet. ${user} is
# single-quoted for getent but unquoted in `su - ${user}` and `~${user}`.
13 exec { "create-${user}-ssh-key-${keyfile}":
15 /bin/su - ${user} -c 'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/${keyfile} -q'
17 onlyif => "/usr/bin/getent passwd '${user}' > /dev/null && ! [ -e ~${user}/'.ssh/${keyfile}' ]",