Issue #1549 has been updated by Fujin.

Status changed from Accepted to Needs more information

My testing shows that ssh_authorized_keys, when creating an authorized key for 
a named user (in this case, steven):

<pre>
node "junglist.gen.nz" {
  ssh_authorized_key {
  "[EMAIL PROTECTED]":
    user => steven,
    type => "ssh-dss",
    key => 
"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",
    ensure => present;
  }
}
</pre>

puppet/puppetmaster generated the following folders and files (which were 
previously nonexistent):
<pre>
[EMAIL PROTECTED] /home/steven# ls -la .ssh/
total 12
drwx------ 2 steven root   4096 2008-09-06 23:31 .
drwxr-xr-x 7 steven steven 4096 2008-09-06 23:31 ..
-rw------- 1 steven root    786 2008-09-06 23:31 authorized_keys
</pre>

Not sure this is valid - need more information. Works on my system:
<pre>
[EMAIL PROTECTED] ~$ ssh [EMAIL PROTECTED]
Linux junglist.gen.nz 2.6.24-19-server #1 SMP Sat Jul 12 00:40:01 UTC 2008 i686
Last login: Sat Sep  6 16:27:46 2008 from ip-118-90-70-56.xdsl.xnet.co.nz
</pre>
----------------------------------------
Bug #1549: ssh_authorized_keys provider creates keys-file with root ownership
http://reductivelabs.com/redmine/issues/show/1549

Author: PaulBoven
Status: Needs more information
Priority: Normal
Assigned to: ctrlaltdel
Category: ssh
Target version: 
Complexity: Unknown
Affected version: 0.24.4
Keywords: 


Trying to distribute a ssh_authorized_key with puppet, but the provider creates 
the file with 'root' ownership, with mode 0600, even when creating a 
.ssh/authorized_keys file for another user. This means that password-less login 
doesn't actually work because sshd isn't able to read that file after dropping 
permissions, and also the user has no permission to edit the file. This only 
happens if the file did not previously exist.

Workaround: For each user, add to the manifest:

file { "/home/user/.ssh/authorized_keys" : owner => user, group => user, mode => 600,
       require => Ssh_authorized_key["[EMAIL PROTECTED]"] }

(The 'require' might not be absolutely necessary if puppet does not change 
ownership of the file once it is created.)

This is on puppet 0.24.4 (Debian Etch backports)
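
Added example (not part of the original report, and not Puppet's own code): a shell check for the condition described above, where authorized_keys ends up owned by someone other than the account it belongs to, or carries permissions beyond the 600 used in the workaround. The function names are hypothetical, and GNU stat and getent (Linux) are assumed.

```sh
#!/bin/sh
# check_authkeys FILE EXPECTED_UID EXPECTED_GID
# Prints one finding per line.
# Returns 0 if owner and mode are fine, 1 on a finding, 2 if the file is missing.
check_authkeys() {
    ak_file=$1; ak_want_uid=$2; ak_want_gid=$3; ak_rc=0
    [ -e "$ak_file" ] || { echo "MISSING $ak_file"; return 2; }
    ak_uid=$(stat -c %u "$ak_file")   # numeric owner
    ak_gid=$(stat -c %g "$ak_file")   # numeric group
    ak_mode=$(stat -c %a "$ak_file")  # octal mode, e.g. 600
    # The reported bug: file owned by root instead of the target user.
    if [ "$ak_uid" != "$ak_want_uid" ]; then
        echo "OWNER $ak_file uid=$ak_uid expected=$ak_want_uid"
        ak_rc=1
    fi
    # Group/other permission bits set (mode must end in 00, as in 600).
    case "$ak_mode" in
        *00|0) ;;
        *) echo "MODE $ak_file mode=$ak_mode expected=600"; ak_rc=1 ;;
    esac
    # A differing group (as in the ls output above) is only reported, not failed.
    if [ "$ak_gid" != "$ak_want_gid" ]; then
        echo "NOTE $ak_file gid=$ak_gid expected=$ak_want_gid"
    fi
    return $ak_rc
}

# audit_user LOGIN: look up the account's home directory and ids, then check
# its .ssh/authorized_keys.
audit_user() {
    au_home=$(getent passwd "$1" | cut -d: -f6)
    [ -n "$au_home" ] || { echo "UNKNOWN user $1"; return 2; }
    check_authkeys "$au_home/.ssh/authorized_keys" "$(id -u "$1")" "$(id -g "$1")"
}

# Run against the logins given on the command line, if any.
for au_login in "$@"; do
    audit_user "$au_login" || true
done
```

Run it after a puppet run with the affected logins as arguments; an OWNER line for a freshly created file reproduces the report.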

