This issue was moved to a discussion.

[FEATURE REQUEST] Generate and rotate SSH keys for a specific user across the minion hosts #66705

Closed
ajs95 opened this issue Jul 12, 2024 · 4 comments
ajs95 commented Jul 12, 2024

Describe the solution you'd like
Require a module to configure passwordless SSH for a specific user.
To generate and rotate SSH keys for a specific user across the minion hosts.

Describe alternatives you've considered
An alternative solution was to run shell scripts with the "cmd.run" module.

Please Note
If this feature request would be considered a substantial change or addition, this should go through a SEP process here https://github.com/saltstack/salt-enhancement-proposals, instead of a feature request.

@ajs95 ajs95 added Feature new functionality including changes to functionality and code refactors, etc. needs-triage labels Jul 12, 2024

welcome bot commented Jul 12, 2024

Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
Please be sure to review our Code of Conduct. Also, check out some of our community resources including:

There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar.
If you have additional questions, email us at saltproject@vmware.com. We’re glad you’ve joined our community and look forward to doing awesome things with you!

dwoz commented Jul 12, 2024

> Please Note If this feature request would be considered a substantial change or addition, this should go through a SEP process here https://github.com/saltstack/salt-enhancement-proposals, instead of a feature request.

We no longer maintain the SEP process.

@dwoz dwoz changed the title [FEATURE REQUEST] [FEATURE REQUEST] Generate and rotate SSH keys for a specific user across the minion hosts Jul 12, 2024
@nf-brentsaner

@ajs95 Unless I'm missing something, this can already be done easily using a cmd.run for ssh-keygen and a scheduler. Or by just adding and enabling a systemd timer.

What does this FR add that either of those doesn't accomplish?

lkubb commented Jul 14, 2024

I'm unsure whether this is a duplicate of #65197 or which functionality is requested in addition to that.

> this can already be done easily using a cmd.run for ssh-keygen and a scheduler

While cmd.run can serve as a workaround for missing SSH key management ability, it's often brittle. Many included modules are essentially a more portable/reliable version of their CLI counterpart...

> adding and enabling a systemd timer

... and serve to integrate the functionality into Salt more deeply.

The PR fixing the above-mentioned FR (#64708) should help with the implementation of a robust and configurable scheduled key rotation SLS. It would also allow going one step further and having a basic Salt-managed SSH CA*, which avoids having to rely on the scheduler/mine/reactors.

* like it is already possible with X509 certs
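
The `cmd.run` plus `ssh-keygen` workaround discussed in this thread, as an added example that is not part of any comment above and is not Salt project code: a rotation helper that is safe to run repeatedly from a scheduler because it only replaces a key older than a threshold and never destroys the old key on failure. The function names, the ed25519 key type, the empty passphrase (for unattended use) and the `.pub.previous` suffix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: idempotent, age-based rotation of one user's SSH keypair.
# Run it as the target user so file ownership is correct.

# key_needs_rotation KEYFILE MAX_AGE_DAYS
# Succeeds (0) when the private key is missing or older than MAX_AGE_DAYS.
key_needs_rotation() {
    keyfile=$1
    max_age_days=$2
    [ -f "$keyfile" ] || return 0
    # find prints the path only when the file's age in whole days exceeds the limit
    [ -n "$(find "$keyfile" -mtime +"$max_age_days" -print)" ]
}

# rotate_ssh_key KEYFILE MAX_AGE_DAYS [COMMENT]
# Prints "rotated" or "unchanged". The body runs in a subshell so the
# umask change and variables do not leak into the caller.
rotate_ssh_key() (
    keyfile=$1
    max_age_days=$2
    comment=${3:-rotated-key}
    if ! key_needs_rotation "$keyfile" "$max_age_days"; then
        echo unchanged
        exit 0
    fi
    keydir=$(dirname "$keyfile")
    umask 077                         # new directories and files are owner-only
    mkdir -p "$keydir" || exit 1
    tmp=$(mktemp -d "$keydir/.rotate.XXXXXX") || exit 1
    # Generate into a private temp dir; if this fails the old key is untouched.
    if ! ssh-keygen -q -t ed25519 -N '' -C "$comment" -f "$tmp/key"; then
        rm -rf "$tmp"
        exit 1
    fi
    # Keep the outgoing public key so it can later be removed from
    # authorized_keys on the hosts that trusted it.
    if [ -f "$keyfile.pub" ]; then
        cp -p "$keyfile.pub" "$keyfile.pub.previous" || { rm -rf "$tmp"; exit 1; }
    fi
    # Same-directory renames: each file is replaced atomically.
    mv -f "$tmp/key" "$keyfile" && mv -f "$tmp/key.pub" "$keyfile.pub"
    rc=$?
    rm -rf "$tmp"
    [ "$rc" -eq 0 ] && echo rotated
    exit "$rc"
)
```

The helper only rotates the local keypair; distributing the new public key and retiring the one saved as `.pub.previous` on the hosts that trust it is a separate step.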

@Akm0d Akm0d self-assigned this Nov 19, 2024
@saltstack saltstack locked and limited conversation to collaborators Feb 3, 2025
@dwoz dwoz converted this issue into discussion #67256 Feb 3, 2025
