Issue #7888 has been updated by mark risher.

Agreed, failing validation when a delimiter (or comment) is present would solve 
this. As it stands, it's all too easy to introduce this bug by copy-pasting the 
key from an `id_rsa.pub` file.

Thanks!
----------------------------------------
Bug #7888: ssh_authorized_key keeps adding the same key if key-hostname 
specified
https://projects.puppetlabs.com/issues/7888

Author: mark risher
Status: Unreviewed
Priority: Normal
Assignee: 
Category: 
Target version: 
Affected Puppet version: 2.6.4
Keywords: 
Branch: 


If the `key` value in the `ssh_authorized_key` resource contains a comment at 
the end, puppet will continue adding the key to the authorized_keys file on 
every run. This yields an authorized_keys file with dozens or hundreds of 
identical, redundant rows.

For example, consider the following:

    ssh_authorized_key { "nagios":
        ensure      => present,
        type        => 'ssh-rsa',
        key         => 'AAAAB3NzaC1yc...[truncated]...+Kno9w== [email protected]',
        user        => 'nagios',
    }

With this resource, on every run of puppet, the `nagios` user's authorized_keys 
file will receive another copy of the same stupid key. To work around it, 
remove the `[email protected]` from the end, making the `key` end 
with `==`:

    ssh_authorized_key { "nagios":
        ensure      => present,
        type        => 'ssh-rsa',
        key         => 'AAAAB3NzaC1yc...[truncated]...+Kno9w==',
        user        => 'nagios',
    }

The reason people are adding this field is that it is what appears in 
your `id_rsa.pub` when you create it.

The fix is among: 1) documentation change, 2) stop adding keys just because 
that field is present, or 3) reject the key if it has this field present.

Observed in Puppet versions up through 2.6.4
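
The behaviour described in this report and fix option 3, as a simplified model. This is an added example, not part of the original report and not Puppet's provider code. It assumes entries are matched on the type and key fields of each parsed authorized_keys line; all function names, the key blob and the comment are constructed placeholders.

```ruby
# Simplified model (an assumption, not Puppet's provider code) of a manager
# that decides whether a key is already present by comparing parsed fields.

# Parse one authorized_keys line of the form "<type> <base64> [comment]".
# Lines with a leading options field are out of scope for this sketch.
def parse_line(line)
  type, key, comment = line.strip.split(/\s+/, 3)
  { type: type, key: key, comment: comment }
end

# Option 3 from the report: refuse a key value that carries anything besides
# the base64 blob (a trailing comment, embedded whitespace, a type prefix).
def validate_key!(key)
  unless key.match?(%r{\A[A-Za-z0-9+/]+={0,2}\z})
    raise ArgumentError, 'key must be the bare base64 blob, without type or comment'
  end
  key
end

# One "run": append the entry unless a parsed line has the same type and key.
def apply(lines, type:, key:, name:, validate: false)
  validate_key!(key) if validate
  present = lines.map { |l| parse_line(l) }
                 .any? { |e| e[:type] == type && e[:key] == key }
  present ? lines : lines + ["#{type} #{key} #{name}"]
end

# Apply the same resource repeatedly, starting from an empty file.
def run_n(times, **resource)
  times.times.reduce([]) { |lines, _| apply(lines, **resource) }
end

# Constructed sample values; the blob is a placeholder, not a real key.
BARE = 'AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7placeholder=='
WITH_COMMENT = "#{BARE} nagios@monitor.example"

if __FILE__ == $PROGRAM_NAME
  # The key with a comment never equals the parsed key field, so it is re-added.
  puts run_n(3, type: 'ssh-rsa', key: WITH_COMMENT, name: 'nagios').size
  # The bare key matches after the first run, so the file stays at one line.
  puts run_n(3, type: 'ssh-rsa', key: BARE, name: 'nagios').size
end
```

With `validate: true`, the commented key is rejected before anything is written, which surfaces the copy-paste mistake at the first run instead of as a growing file.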

