Issue #9672 has been updated by Moses Mendoza.

Assignee changed from David Hill to Daniel Pittman

I assume this was released? Daniel, can you update?
----------------------------------------
Feature #9672: ssh ecdsa keys
https://projects.puppetlabs.com/issues/9672#change-68248

Author: David Hill
Status: Merged - Pending Release
Priority: Normal
Assignee: Daniel Pittman
Category: ssh
Target version: 2.7.x
Affected Puppet version: 
Keywords: ssh
Branch: 


The following patches allow puppet to properly identify ecdsa keys used by SSH. 
These are now enabled by default in OpenBSD.  I'd like to see these put into 
puppet.  See ticket #4488 as well.


<pre>
--- lib/puppet/type/ssh_authorized_key.rb.orig  Sat Aug  6 14:18:42 2011
+++ lib/puppet/type/ssh_authorized_key.rb       Thu Sep 22 16:22:13 2011
@@ -23,11 +23,10 @@ module Puppet
     newproperty(:type) do
       desc "The encryption type used: ssh-dss or ssh-rsa."
 
-      newvalue("ssh-dss")
-      newvalue("ssh-rsa")
-
-      aliasvalue(:dsa, "ssh-dss")
-      aliasvalue(:rsa, "ssh-rsa")
+       newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', 
:'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521'
+       
+       aliasvalue(:dsa, :'ssh-dss')
+       aliasvalue(:rsa, :'ssh-rsa')    
     end
 
     newproperty(:key) do
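Review bot: the desc string at the top of this hunk still reads "The encryption type used: ssh-dss or ssh-rsa." although the property now accepts three ecdsa-sha2-nistp* values; update it to list the new types so the generated type reference matches what is accepted. The added `newvalues` and `aliasvalue` lines are also indented seven spaces where the surrounding code uses six, and some of the added lines end in trailing whitespace.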

--- spec/unit/type/ssh_authorized_key_spec.rb.orig      Sat Aug  6 14:19:01 2011
+++ spec/unit/type/ssh_authorized_key_spec.rb   Thu Sep 22 16:23:15 2011
@@ -70,23 +70,11 @@ describe ssh_authorized_key do
 
     describe "for type" do
 
-
-      it "should support ssh-dss" do
-        proc { @class.new(:name => "whev", :type => "ssh-dss", :user => 
"nobody") }.should_not raise_error
-      end
-
-      it "should support ssh-rsa" do
-        proc { @class.new(:name => "whev", :type => "ssh-rsa", :user => 
"nobody") }.should_not raise_error
-      end
-
-      it "should support :dsa" do
-        proc { @class.new(:name => "whev", :type => :dsa, :user => "nobody") 
}.should_not raise_error
-      end
-
-      it "should support :rsa" do
-        proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody") 
}.should_not raise_error
-      end
-
+      [:'ssh-dss', :'ssh-rsa', :rsa, :dsa, :'ecdsa-sha2-nistp256', 
:'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521'].each do |keytype|
+        it "should support #{keytype}" do
+          proc { @class.new(:name => "whev", :type => keytype, :user => 
"nobody") }.should_not raise_error
+        end
+       end
       it "should alias :rsa to :ssh-rsa" do
         key = @class.new(:name => "whev", :type => :rsa, :user => "nobody")
         key.should(:type).should == :'ssh-rsa'
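Review bot: the `end` that closes the `each` block is indented one space deeper than the `[...].each do |keytype|` line that opens it, and the blank line that separated these examples from "should alias :rsa to :ssh-rsa" is gone; align the `end` and restore the separator. These examples only assert that the type accepts each value without raising, so consider adding a provider spec that parses an ecdsa-sha2-nistp256 line, since the regexp in parsed.rb changes in the same patch.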

--- lib/puppet/provider/ssh_authorized_key/parsed.rb.orig       Sat Aug  6 
14:18:42 2011
+++ lib/puppet/provider/ssh_authorized_key/parsed.rb    Fri Sep 23 09:30:15 2011
@@ -17,7 +17,11 @@ require 'puppet/provider/parsedfile'
     :fields   => %w{options type key name},
     :optional => %w{options},
     :rts => /^\s+/,
-    :match    => /^(?:(.+) )?(ssh-dss|ssh-rsa) ([^ ]+) ?(.*)$/,
+        # The name field is not optional here.  Lines without a name
+        # will be matched by the "text_line :unrecognised" rule instead.
+        # (Do not change the (.+) at the end to (.*), or make the preceding
+        # space optional.)
+    :match    => /^(?:(.+) 
)?(ssh-dss|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) 
([^ ]+) (.+)$/, 
     :post_parse => proc { |h|
       h[:name] = "" if h[:name] == :absent
       h[:options] ||= [:absent]
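Review bot: the new :match regexp does more than add the three ecdsa types: its tail changes from ` ?(.*)$` to ` (.+)$`, so an existing ssh-dss or ssh-rsa line with no trailing name no longer matches this record. The added comment says such lines fall through to the "text_line :unrecognised" rule, which means they stop being parsed as keys; that behaviour change should be called out in the ticket or split into its own commit, with a spec covering a nameless line. With the name now mandatory, the `h[:name] = "" if h[:name] == :absent` line in post_parse looks unreachable for this record and should be dropped or explained. The comment block is also indented eight spaces against four for the surrounding hash keys.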
@@ -33,6 +37,8 @@ require 'puppet/provider/parsedfile'
     :optional => %w{options},
     :rts      => /^\s+/,
     :match    => /^(?:(.+) )?(\d+) (\d+) (\d+)(?: (.+))?$/
+
+  text_line :unrecognised, :match => // 
 
   def dir_perm
     0700
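Review bot: `text_line :unrecognised, :match => //` uses an empty regexp, which matches every line, so anything the record rules above reject, including a malformed or truncated key entry, is kept silently as opaque text. Add a comment stating that this rule is a deliberate catch-all that must only be reached after the record rules have failed, and consider logging when it matches a non-comment line so a broken authorized_keys entry gets noticed. The added line also ends in trailing whitespace.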
</pre>


