Make an /etc/ssh/puppetkeys for future use, and have sshd read keys from there already
authorPeter Palfrader <peter@palfrader.org>
Sun, 8 Sep 2019 08:24:41 +0000 (10:24 +0200)
committerPeter Palfrader <peter@palfrader.org>
Sun, 8 Sep 2019 08:24:41 +0000 (10:24 +0200)
modules/ssh/manifests/init.pp
modules/ssh/templates/sshd_config.erb

index 139a373..367cae6 100644 (file)
@@ -33,6 +33,15 @@ class ssh {
                mode    => '0755',
                require => Package['openssh-server']
        }
+       file { '/etc/ssh/puppetkeys':
+               ensure  => directory,
+               mode    => '0755',
+               purge   => true,
+               recurse => true,
+               force   => true,
+               source  => 'puppet:///files/empty/',
+               require => Package['openssh-server']
+       }
        file { '/etc/ssh/userkeys/root':
                content => template('ssh/authorized_keys.erb'),
        }
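Review bot: The new `/etc/ssh/puppetkeys` resource sets `mode` but neither `owner` nor `group`, and the sshd_config.erb change in this same commit makes every file under that directory an authorized-keys source for all accounts, root included. Unless a `File` default elsewhere in the manifest already covers it, I would add `owner => 'root', group => 'root',` to the resource, so that write access to the directory never depends on resource defaults or on the metadata of `puppet:///files/empty/`. A short comment above the resource would also help, for example `# purge/recurse/force: any key file here that Puppet does not manage is removed`, because that is the property that keeps unmanaged keys out of a path sshd now trusts. The enclosing `class ssh` begins and ends outside the hunk, so a default or the sibling `/etc/ssh/userkeys` resource may already set ownership out of view.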
index fb38fe0..04a27e5 100644 (file)
@@ -45,7 +45,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server
 
 UsePAM yes
 
-AuthorizedKeysFile /etc/ssh/userkeys/%u /var/lib/misc/userkeys/%u /etc/ssh/userkeys/%u.more
+AuthorizedKeysFile /etc/ssh/userkeys/%u /var/lib/misc/userkeys/%u /etc/ssh/userkeys/%u.more /etc/ssh/puppetkeys/%u
 
 PasswordAuthentication no