Pallet executes scripts using push over SSH. Pallet provides several methods for handling SSH identities.

The admin User

To SSH to a node, pallet requires a username and an SSH key. You can pass the admin-user object (use pallet.utils/make-user to create one) to lift and converge using the :user keyword.

For REPL use there is a rebindable var, pallet.utils/*admin-user*, that provides the default admin user. This defaults to your username, and id_rsa identity. You can rebind this using pallet.core/with-admin-user.

Environment

The admin user can also be specified in the :environment

(defpallet
  :services
    {:aws
      {:provider "ec2" :identity "key" :credential "secret-key"
       :environment
         {:user {:username "admin"
                 :private-key-path "/path/to/private-key"
                 :public-key-path "/path/to/public-key"}}}})

Lein and Cake

You can configure the admin-user that is used by the lein and cake plugins, in the ~/.pallet/config.clj file.

(defpallet
  :admin-user
    {:username "admin"
     :private-key-path "/path/to/private-key"
     :public-key-path "/path/to/public-key"})

Other SSH Key Strategies

While convenient, having all your nodes authorise the same SSH key is not the best security practice. Pallet allows you to install a function to provide an identity using your own strategy, with pallet.core/with-middleware. A per node identity could be implemented using something like this:

(require 'pallet.utils)
(require 'pallet.execute)
(require 'pallet.session)
(require 'clj-ssh.ssh)

(defn lookup-identity [node]
  ;; Implement this to
  ;; return [private-key public-key passphrase]
  )

(defn node-based-identity
  [handler]
  (fn [session]
    (binding [pallet.execute/default-agent-atom (atom nil)]
      (apply clj-ssh.ssh/add-identity
       (pallet.execute/default-agent)
       (lookup-identity (pallet.session/target-node session)))
      (handler session))))