This is a pre-production deployment of Warehouse, however changes made here WILL affect the production instance of PyPI.
Latest Version Dependencies status unknown Test status unknown Test coverage unknown
Project Description

claviger

claviger manages the SSH authorized_keys files for you.

Quick introduction

Tell claviger which keys you want to put on which server by creating a ~/.claviger-file. An example

keys:
    laptop: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINYZEwjtu8w9Hsvx85TlYE95MLV9Whc3N1ajrH7+gu7A
    desktop: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICUef9frJIX7tjvZkYYMtr4IdD/GcKz6/X5qvLxM1Z8O desktop
    work: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrycv44eyFwWJ7QQsGOnjEiAsFSdxIoAEzBPSO/AQB5 work
servers:
    myprivateserver.com:
        user: myusername
        present:
            - laptop
            - desktop
    root@myotherserver.com:
        like: myprivateserver.com
        present:
            - work
        keepOtherKeys: false
    workuser@workserver.com:
        present:
            - work
            - desktop
        absent:
            - laptop

Then run claviger. By default claviger only tells which changes it wants to make, but does not make them. If the changes seem fine, run claviger -f, which allows claviger to make changes.

Installation

To install claviger, simply run:

pip install claviger

Claviger config file

A .claviger is written in YAML. It consists of two maps: the keys map and the servers map.

servers:
    server_key:
        # ... (server stanza)
    server_key2:
        # ... (server stanza)
keys:
    key_name: # ... (ssh public key)
    key_name2: # ... (ssh public key)

As seen in the example at the top, the keys map has as values SSH public keys as they would appear in an authorized_keys file.

The servers map consists of key-stanza pairs. Each stanza is a map of option name/value pairs, like:

server_key:
    option_name: option_value
    option_name2: option_value
    # ...

See below for the available options in the server-stanza’s.

Server key

The key of a server stanza is of the following form:

[user@]hostname[:port]

Examples of keys are

  • just-a-hostname.nl
  • user@some-server.com
  • some-server.nl:1234
  • user@and-port.com:22022

You can also specify user, hostname and port explicitly. See below.

If a server key starts with a dollar sign (for instance $work), then it is considered abstract — see below.

Server stanzas

A server stanza is a map which may have the following entries.

name
The name of the server.
Default: stanza key.
hostname
The hostname of the server.
Default: derived from stanza key.
user
The user for which to manage the authorized_keys file
Default: root if not derived from stanza key.
present
A list of key names that must be in the authorized_keys file.
Default: the empty list []
absent
A list of SSH-keys that should be removed from the authorized_keys file.
Default: the empty list []
keepOtherKeys
true or false. If set to false, claviger will remove all keys not explicitly allowed form the authorized_keys file.
Default: true.
allow
A list of SSH-keys that are also allowed to be in the authorized_keys file if keepOtherKeys is set to false. These keys will not be added, if not present already.
Default: the empty list []
like
Name of another server stanza. If set, the entries of the other server stanza will be used as default values for this server stanza.
Default: $default
ssh_user
The user to use to get and put the authorized_keys file.
Default: the same as user
port
The port to use to connect to the server.
Default: 22.
abstract
true or false. If set to true, claviger will not check this server. See below.
Default: false

Abstract servers and $default

claviger will not check an abstract server. This is useful to cleanly configure multiple server.

servers:
    $mine:
        keepOthers: false
        present:
            - my_first_key
            - my_second_key
    $work:
        present:
            - my_work_key
        absent:
            - my_first_key

    my-first-server.tld:
        like: $mine
    my-second-server.tld:
        like: $mine
    alpha.at-work.tld:
        like: $work
    beta.at_work.tld:
        like: $work

By default, server inherits from the hidden $default abstract server.

servers:
    $default:
        user: myname
        present:
            - this_key_is_put_everywhere
    host1.tld: # will use myname as user
    host2.tld: # "
    root@host3.tld  # will use root as user
    host4.tld:
        absent:
            - this_key_is_put_everywhere # except here

claviger Changelog

0.2.1 (2016-03-15)

  • Add missing dependency to jsonschema. (Thanks-to: Joost Rijneveld)
  • Properly decode output of scp. (Thanks-to: Joost Rijneveld)

0.2 (2016-01-14)

  • Add allow-list to server stanza.

    If keepOtherKeys is set to false, claviger will remove any keys present except for those in the present and allow list.

  • Add abstract servers. Let every server inherit from the hidden abstract server $default.

  • Allow

    servers:
        server1:
        server2:
    

    which is prettier than

    servers:
        server1: {}
        server2: {}
    
  • bugfix: actually set server name with name option.

0.1.2 (2016-01-08)

  • Show the correct number of keys actually removed.

0.1.1 (2015-12-21)

  • Some cosmetic changes.
  • Show example configuration file, if claviger isn’t configured yet.
  • Python 3 compatibility.

0.1.0 (2015-12-14)

  • Initial release.
Release History

Release History

0.2.1

This version

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.2

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.1.2

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.1.1

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.1.0

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.1.0.dev0

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

Download Files

Download Files

TODO: Brief introduction on what you do with files - including link to relevant help section.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
claviger-0.2.1.tar.gz (27.1 kB) Copy SHA256 Checksum SHA256 Source Mar 15, 2016

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS HPE HPE Development Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting