Usage:
key -h | --help
key init
key list --cloud=CLOUDS [--output=FORMAT]
key list --source=ssh [--dir=DIR] [--output=FORMAT]
key list --source=git [--output=FORMAT] [--username=USERNAME]
key list [--group=GROUP] [--output=FORMAT]
key export [--group=GROUPS] [--filename=FILENAME]
key add [NAME] [--group=GROUPS] [--source=FILENAME]
key add [NAME] [--source=git]
key add [NAME] [--source=ssh]
key delete NAMES [--cloud=CLOUDS] [--dryrun]
key upload [NAMES] [--cloud=CLOUDS] [--dryrun]
key group delete [NAMES] [--group=GROUPS] [--dryrun]
key group add [NAMES] [--group=GROUPS] [--dryrun]
key group upload [--group=GROUPS] --vm=VM [--cloud=CLOUDS] [--dryrun]
key gen (ssh | pem) [--filename=FILENAME] [--nopass] [--set_path] [--force]
key reformat (ssh | pem) [--filename=FILENAME] [--format=FORMAT]
[--nopass] [--pub]
key verify (ssh | pem) [--filename=FILENAME] [--pub] [--check_pass]
Arguments:
NAME The name of the key
NAMES Parameterized list of keys
Options:
--cloud=CLOUDS the cloud providers
--dir=DIR the directory with keys [default: ~/.ssh]
--filename=FILENAME the name and full path to the file
--force force the execution
--format=FORMAT Desired key format (SubjectInfo, SSH,
OpenSSL, PKCS8)
--group=GROUP key group names
--output=FORMAT The format of the output (table, json, yaml)
[default: table]
--source=SOURCE The source for the keys, ssh, git, a filename
--username=USERNAME the source for the keys [default: none]
--vm=VM The name of the VM
--nopass Flag indicating if the key has no password
--pub Indicates that the public key is passed in
--set_path Sets the cloudmesh encryption key path to
the full path of the generated keys
--check_pass Flag where program query user for password
Description:
Please note that some values are read from the cloudmesh.yaml file.
One such value is cloudmesh.profile.user
Management of public keys is an essential component of accessing
virtual machines in the cloud. There are a number of sources where
you can find public keys. This includes the ~/.ssh directory and for
example github. If you do not already have a public-private key pair
they can be generated using cloudmesh
key gen ssh
This will create the public-private keypair of ~/.ssh/id_rsa
and ~/.ssh/id_rsa.pub in OpenSSH format
key gen pem
This will create the public-private keypair of ~/.ssh/id_rsa
and ~/.ssh/id_rsa.pub in PEM format
key gen (ssh | pem) --filename=~/.cloudmesh/foobar
This will generate the public-private key pair of
~/.cloudmesh/foobar and ~/.cloudmesh/foobar.pub
key gen (ssh | pem) --filename=~/.cloudmesh/foobar --set_path
This will generate the keys as stated above, but it will
also set cloudmesh to use these keys for encryption.
Keys can also be verified for their formatting and passwords. By
default cloudmesh checks ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub If the
key is password protected the formatting can only be verified if the
password is provided (--check_pass argument)
key verify pem
Verifies that ~/.ssh/id_rsa has PEM format
key verify ssh --pub
Verifies that ~/.ssh/id_rsa.pub has OpenSSH format
key verify pem --filename=~/.cloudmesh/foobar
Verifies if the private key located at ~/.cloudmesh/foobar
is password protected
key verify pem --filenam=~/.cloudmesh/foobar --check_pass
Request the password to the file, then checks if the
key is in proper PEM format
You may find the need to keep the values of your keys but different
encodings or formats. These aspects of your key can also be changed
using cloudmesh.
key reformat pem
Will reformat the ~/.id_rsa.pub key from PEM to OpenSSH
key reformat ssh
Will reformat the ~/.id_rsa.pub key from OpenSSH to PEM
key reformat --filename=~/.id_rsa --format=PKCS8
Will reformat the private key to PKCS8 format
Keys will be uploaded into cloudmesh database with the add command
under the given NAME. If the name is not specified the name
cloudmesh.profile.user is assumed.
key add NAME --source=ssh
adds the default key in ~/.ssh/id_rsa.pub
key add NAME --source=FILENAME
adds the key specified by the filename with the given name
key add NAME --git --username=username
adds a named github key from a user with the given github
username.
key set
adds the ~/.ssh/id_rsa.pub key with the name specified in
cloudmesh.profile.user.
It also sets the variable key to that user.
Once the keys are uploaded to github, they can be listed To list
these keys the following list functions are provided.
key list --source=git [--username=USERNAME]
lists all keys in git for the specified user. If the
name is not specified it is read from cloudmesh.yaml
key list --source=ssh [--dir=DIR] [--output=OUTPUT]
lists all keys in the directory. If the directory is not
specified the default will be ~/.ssh
key list NAMES
lists all keys in the named virtual machines.
List command can use the [--output=OUTPUT] option
list the keys loaded to cloudmesh in the given format:
json, yaml, table. table is default. The NAME can be
specified and if omitted the name cloudmesh.profile.user
is assumed.
To get keys from the cloudmesh database the following commands are
available:
key delete NAMES
deletes the Named keys. This may also have an impact on
groups
key rename NAME NEW
renames the key from NAME to NEW in the cloudmesh database.
Group management of keys is an important concept in cloudmesh,
allowing multiple users to be added to virtual machines while
managing the keys associated with them. The keys must be uploaded to
cloudmesh database with a name so they can be used in a group.
The --dryrun option executes the command without uploading the
information to the clouds. If no group name is specified the group
name default is assumed. If no cloudnamesh are specified, all active
clouds are assumed. active clouds can be set in the cloudmesh.yaml
file.
key list [--group=GROUP] [--output=FORMAT]
list the key taht are in the specified group.
key group delete [NAMES] [--group=GROUPS] [--dryrun]
deletes the named keys from the named groups.
In some cases you may want to store the public keys in files. For
this reason we support the following commands.
key add [NAME] [--group=GROUPS] [--source=FILENAME]
adds the named file with the keys in the file to the groups.
key export [--group=GROUPS] [--filename=FILENAME]
the command exports the keys to the given group. The keys
are written in the files in yaml format.
Examples for keygroup commands:
cms key add example --source=~/.ssh/id_rsa.pub
cms key add --group=abc --name="laszewsk_git_[0-2]"
cms key list
cms key list --gropu=abc
cms key export --file=~/authorized_keys --group=abc,klm