A sensible approach to access control for servers is to use named user accounts with passphrase-protected SSH keys, rather than having users share an account with a widely known password. Puppet makes this easy to manage thanks to the built-in
To combine this with virtual users, as described in the previous section, you can create a
define, which includes both the
ssh_authorized_key resources. This will also come in handy when adding customization files and other resources to each user.
Follow these steps to extend your virtual users' class to include SSH access:
ssh_userto contain our
ssh_userdefinition. Create the