Install single SSH key multiple times on single machine via puppet

ssh puppet

You are correct that the main concept of your solution is wrong, but I think it is wrong far earlier than you suspect. The best practice is to not share accounts; each user should have an individual account and use sudo to perform tasks that require alternate privileges. If you honestly must share one or more accounts, then allow your users to sudo su - ACCOUNT instead of logging in directly as ACCOUNT. For example:

user { 'alice': groups => ['developer', 'deployer', 'root'] # other params... }
ssh_authorized_key { 'alice': #params }

Then add appropriate entries in your /etc/sudoers (also hopefully managed by puppet!):

# deployer group can run the deployment script without a password.
%deployer  ALL = NOPASSWD: /usr/local/bin/deploy
# developer group can run commands as 'developer'
%developer ALL = (developer) ALL
# or, if you actually *must* allow them to log in as 'developer'
%developer ALL = /usr/bin/su developer

Related

What are the best practices for monitoring and alerting for low level JVM metrics?
Very, very simple asp.net page takes forever to load
Redirection by IP causing infinite loop
RemoteApp: Logging in as user x disconnects user y
md5sum of large files gives different results sometimes
Native ZFS doesn't free up space when deleting files
see all active virtual hosts in nginx?
Slower/cached Linux file system required
Does nginx auth_basic work over HTTPS?
Exchange 2010 servers - transaction logs growing faster than expected
bonding driver broken on centos6?
Who is the "author" of a file (Gnu "ls" manual)