From 02b16838e8bf78c5f981d171993a7a18f520012d Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Sun, 8 Sep 2019 10:24:41 +0200
Subject: [PATCH] Make an /etc/ssh/puppetkeys for future use, and have sshd read keys from there already
---
 modules/ssh/manifests/init.pp | 9 +++++++++
 modules/ssh/templates/sshd_config.erb | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp
index 139a3736d..367cae68d 100644
--- a/modules/ssh/manifests/init.pp
+++ b/modules/ssh/manifests/init.pp
@@ -33,6 +33,15 @@ class ssh {
 mode => '0755',
 require => Package['openssh-server']
 }
+ file { '/etc/ssh/puppetkeys':
+ ensure => directory,
+ mode => '0755',
+ purge => true,
+ recurse => true,
+ force => true,
+ source => 'puppet:///files/empty/',
+ require => Package['openssh-server']
+ }
 file { '/etc/ssh/userkeys/root':
 content => template('ssh/authorized_keys.erb'),
 }
diff --git a/modules/ssh/templates/sshd_config.erb b/modules/ssh/templates/sshd_config.erb
index fb38fe034..04a27e559 100644
--- a/modules/ssh/templates/sshd_config.erb
+++ b/modules/ssh/templates/sshd_config.erb
@@ -45,7 +45,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server
 UsePAM yes
-AuthorizedKeysFile /etc/ssh/userkeys/%u /var/lib/misc/userkeys/%u /etc/ssh/userkeys/%u.more
+AuthorizedKeysFile /etc/ssh/userkeys/%u /var/lib/misc/userkeys/%u /etc/ssh/userkeys/%u.more /etc/ssh/puppetkeys/%u
 PasswordAuthentication no
--
2.20.1
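Review bot: The new `/etc/ssh/puppetkeys` resource sets `mode` but no `owner` or `group`, even though this directory becomes a source of authorized keys for every account, root included. With `StrictModes` on (the OpenSSH default) sshd ignores a key file when the file or a parent directory is owned by someone other than root or the user, or is group/world-writable, so I would pin `owner => 'root',` and `group => 'root',` rather than rely on Puppet's defaults for a sourced directory. A short comment such as `# Puppet-managed keys only; purge removes anything not in the catalog` would also record why `purge`, `recurse` and `force` are set together. The `class ssh` body starts and ends outside the hunk, so the neighbouring userkeys resource may already follow a convention this one should match.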
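Review bot: `AuthorizedKeysFile` is additive, so with `/etc/ssh/puppetkeys/%u` appended a key is accepted if it appears in any of the four listed files, and removing it from one location does not revoke it while it remains in another. That deserves a comment above the directive, for example `# puppetkeys/%u is Puppet-managed and purged; a key in any listed file grants login`, so key audits and offboarding checks cover the new path. Whether sshd is reloaded when this template changes is decided outside the hunk.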