diff --git a/Documentation/cloud-config-deprecated.md b/Documentation/cloud-config-deprecated.md new file mode 100644 index 0000000..8c80259 --- /dev/null +++ b/Documentation/cloud-config-deprecated.md @@ -0,0 +1,38 @@ +# Deprecated Cloud-Config Features + +## Retrieving SSH Authorized Keys + +### From a GitHub User + +Using the `coreos-ssh-import-github` field, we can import public SSH keys from a GitHub user to use as authorized keys to a server. + +```yaml +#cloud-config + +users: + - name: elroy + coreos-ssh-import-github: elroy +``` + +### From an HTTP Endpoint + +We can also pull public SSH keys from any HTTP endpoint which matches [GitHub's API response format](https://developer.github.com/v3/users/keys/#list-public-keys-for-a-user). +For example, if you have an installation of GitHub Enterprise, you can provide a complete URL with an authentication token: + +```yaml +#cloud-config + +users: + - name: elroy + coreos-ssh-import-url: https://github-enterprise.example.com/api/v3/users/elroy/keys?access_token= +``` + +You can also specify any URL whose response matches the JSON format for public keys: + +```yaml +#cloud-config + +users: + - name: elroy + coreos-ssh-import-url: https://example.com/public-keys +``` diff --git a/Documentation/cloud-config.md b/Documentation/cloud-config.md index 8d6291a..ffce8fc 100644 --- a/Documentation/cloud-config.md +++ b/Documentation/cloud-config.md @@ -334,9 +334,9 @@ All but the `passwd` and `ssh-authorized-keys` fields will be ignored if the use - **groups**: Add user to these additional groups - **no-user-group**: Boolean. Skip default group creation. - **ssh-authorized-keys**: List of public SSH keys to authorize for this user -- **coreos-ssh-import-github**: Authorize SSH keys from GitHub user -- **coreos-ssh-import-github-users**: Authorize SSH keys from a list of GitHub users -- **coreos-ssh-import-url**: Authorize SSH keys imported from a url endpoint. +- **coreos-ssh-import-github** [DEPRECATED]: Authorize SSH keys from GitHub user +- **coreos-ssh-import-github-users** [DEPRECATED]: Authorize SSH keys from a list of GitHub users +- **coreos-ssh-import-url** [DEPRECATED]: Authorize SSH keys imported from a url endpoint. - **system**: Create the user as a system user. No home directory will be created. - **no-log-init**: Boolean. Skip initialization of lastlog and faillog databases. - **shell**: User's login shell. @@ -382,43 +382,6 @@ perl -e 'print crypt("password","\$6\$SALT\$") . "\n"' Using a higher number of rounds will help create more secure passwords, but given enough time, password hashes can be reversed. On most RPM based distributions there is a tool called mkpasswd available in the `expect` package, but this does not handle "rounds" nor advanced hashing algorithms. -#### Retrieving SSH Authorized Keys - -##### From a GitHub User - -Using the `coreos-ssh-import-github` field, we can import public SSH keys from a GitHub user to use as authorized keys to a server. - -```yaml -#cloud-config - -users: - - name: elroy - coreos-ssh-import-github: elroy -``` - -##### From an HTTP Endpoint - -We can also pull public SSH keys from any HTTP endpoint which matches [GitHub's API response format](https://developer.github.com/v3/users/keys/#list-public-keys-for-a-user). -For example, if you have an installation of GitHub Enterprise, you can provide a complete URL with an authentication token: - -```yaml -#cloud-config - -users: - - name: elroy - coreos-ssh-import-url: https://github-enterprise.example.com/api/v3/users/elroy/keys?access_token= -``` - -You can also specify any URL whose response matches the JSON format for public keys: - -```yaml -#cloud-config - -users: - - name: elroy - coreos-ssh-import-url: https://example.com/public-keys -``` - ### write_files The `write_files` directive defines a set of files to create on the local filesystem.