
I am learning Puppet and using this tool to install Puppet clients on nodes.

puppet node install --login=root --keyfile=~/.ssh/id_rsa --install-script puppet-enterprise --installer-payload ~/puppet/puppet-enterprise-2.7.0-ubuntu-12.04-amd64.tar.gz --installer-answers ~/puppet/installer.answers --puppetagent-certname puppet.node01.example.com 192.168.1.100

Everything seems to work ok. My question is why this command requires me to pass along the private key of the ssh user. Shouldn't this only require the public key?

Isn't this a security risk? It was my understanding you are supposed to keep your private key PRIVATE.

Michael

2 Answers

The private key is staying private. All this is doing is telling puppet which SSH key to use to connect to the remote system. The corresponding public key must already be installed on the remote system.

This is akin to running ssh -i ~/.ssh/id_rsa - which is useful in case you use multiple private keys.

James O'Gorman

The reason it needs the private key is to authenticate. Think of it like passing on your password.

Tradiuz
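
As an added illustration (not code from either answer or from Puppet), this Python sketch models the exchange the answers describe: the client signs a server challenge with its private key, and the server checks the signature using only the public key it has on file. It is a simplification with assumed names (`Client`, `Server`, `login`): a random nonce stands in for the session identifier that SSH actually signs, and the RSA key is a constructed toy that is not secure.

```python
import hashlib
import secrets

# Constructed toy RSA key from two known Mersenne primes; NOT secure, demo only.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, stays with the client


def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


class Client:
    """Holds the private key, like the file named by --keyfile or ssh -i."""

    def __init__(self, n, e, d):
        self.public = (n, e)
        self._d = d

    def sign(self, challenge: bytes) -> int:
        return pow(digest(challenge), self._d, self.public[0])


class Server:
    """Holds only public keys, like ~/.ssh/authorized_keys on the node."""

    def __init__(self, authorized_keys):
        self.authorized_keys = set(authorized_keys)

    def challenge(self) -> bytes:
        return secrets.token_bytes(32)

    def verify(self, public, challenge: bytes, signature: int) -> bool:
        n, e = public
        known = public in self.authorized_keys
        return known and pow(signature, e, n) == digest(challenge)


def login(client: Client, server: Server):
    """Run one authentication; return (accepted, values sent on the wire)."""
    nonce = server.challenge()
    signature = client.sign(nonce)
    wire = [nonce, client.public, signature]
    return server.verify(client.public, nonce, signature), wire


if __name__ == "__main__":
    print(login(Client(N, E, D), Server([(N, E)]))[0])
```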