Issue #7888 has been reported by mark risher.
----------------------------------------
Bug #7888: ssh_authorized_key keeps adding the same key if key-hostname
specified
https://projects.puppetlabs.com/issues/7888
Author: mark risher
Status: Unreviewed
Priority: Normal
Assignee:
Category:
Target version:
Affected Puppet version: 2.6.4
Keywords:
Branch:
If the `key` value in the `ssh_authorized_key` resource contains a comment at
the end, puppet will continue adding the key to the authorized_keys file on
every run. This yields an authorized_keys file with dozens or hundreds of
identical, redundant rows.
For example, consider the following:
ssh_authorized_key { "nagios":
ensure => present,
type => 'ssh-rsa',
key => 'AAAAB3NzaC1yc...[truncated]...+Kno9w==
[email protected]',
user => 'nagios',
}
With this resource, on every run of puppet, the `nagios` user's authorized_keys
file will receive another copy of the same stupid key. To work around it,
remove the `[email protected]` from the end, making the `key` end
with `==`:
ssh_authorized_key { "nagios":
ensure => present,
type => 'ssh-rsa',
key => 'AAAAB3NzaC1yc...[truncated]...+Kno9w==',
user => 'nagios',
}
The reason people are adding this field, is because that is what appears in
your `id_rsa.pub` when you create it.
The fix is among: 1) documentation change, 2) stop adding keys just because
that field is present, or 3) reject the key if it has this field present.
Observed in Puppet versions up through 2.6.4
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
