Rudder

Really thank you Alex for that brand new Technique!

Nicolas, or Matthieu, can you look into it ?

Wow, thank you very much Alex. This is clearly a very nice technique, very clear and readable.

As in #4439, I have on question: is it necessary to define the configuration file holding keys ?
Otherwise, everything look in perfect to me, except maybe replacing

      "userdata_${sshkey_disable_index}" 
        string  => execresult("/usr/bin/getent passwd ${sshkey_disable_name[${sshkey_disable_index}]}", "noshell");
      "no_${sshkey_disable_index}" 
        int     => parsestringarray("userarray_${sshkey_disable_index}", "${userdata_${sshkey_disable_index}}", "", ":", "1000", "200000" );
      "homedir[${sshkey_disable_index}]" 
        string  => "${userarray_${sshkey_disable_index}[${sshkey_disable_name[${sshkey_disable_index}]}][5]}";

by

      "homedir[${sshkey_disable_index}]" 
        string  => execresult("/bin/echo ~${sshkey_disable_name[${sshkey_disable_index}]}", "useshell");

it has the advantage of being a bit easier to read, and if the user is not there, it tries to edit the file ~user/.ssh/file which will fail, rather than not doing anything (and not reporting anything). But I reckon that we are currently using the method you used in the Technique

I have updated the technique to remove the global variable SSH_DISABLE_KEY_CONFIG_BASENAME (see http://www.rudder-project.org/redmine/issues/4439 for details).

Thank you very much !

I have a question on this one. Do you think it make sense to create a new technique for this?

It feel it would be a welcomed addition to the SSHKeyDistribution Technique, and adding an option (or a section) "Delete ssh keys" that would delete keys

What do you think of it Alex and Jon ?

Benoit, could you take a fresh look at that one ?