salt-ssh provides a way to run salt remotely without it being installed on the destination system. This means, for example, that I can use it to manage my user’s dotfiles on the BlueBEAR HPC cluster.
salt-ssh uses a roster-file to map host identifiers to the host it should connect to. By default this file is /etc/salt/roster and I have chosen to manage it with salt on the host I will be running salt from.
Connecting for the first time
When connecting to a ssh server for the first time, run salt-ssh with
-i to auto accept the remote key.
Deploy the salt-ssh key for login
You can use
ssh-copy-id, (the OpenSSH key deployment tool) to deploy keys to your servers:
ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa.pub firstname.lastname@example.org
or, just copy the key from