Issue #21811 has been updated by Charlie Sharpsteen.

* Subject changed from Wrong format /etc/ssh/ssh_known_hosts for ecdsa-sha2-nistp256 keys to Wrong permissions for /etc/ssh/ssh_known_hosts
* Status changed from Needs Decision to Duplicate
* Assignee changed from Mark Ruys to Charlie Sharpsteen
* Keywords changed from ssh to ssh_known_hosts permissions

Mark Ruys wrote:

> Puppet should apply mode 644 on /etc/ssh/ssh_known_hosts and as I see it,
> this is a bug.

Yes it is. In fact, a bug that we've had open for way too long: #4145.

As a workaround, one could define a File resource to manage permissions on `/etc/ssh/ssh_known_hosts`.

----------------------------------------
Bug #21811: Wrong permissions for /etc/ssh/ssh_known_hosts
https://projects.puppetlabs.com/issues/21811#change-95008

* Author: Mark Ruys
* Status: Duplicate
* Priority: Normal
* Assignee: Charlie Sharpsteen
* Category: ssh
* Target version:
* Affected Puppet version: 3.2.2
* Keywords: ssh_known_hosts permissions
* Branch:
----------------------------------------
When I apply:

    sshkey { "${fqdn}_ecdsa-sha2-nistp256":
      host_aliases => [ "$fqdn", "$hostname", "$ipaddress" ],
      type         => ecdsa-sha2-nistp256,
      key          => $sshecdsakey,
    }

the generated line is:

    app01.cluster.peercode.nl_ecdsa-sha2-nistp256,app01.cluster.peercode.nl,app01,10.243.0.61 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDe0Ij3EUAUuZd3PRAUWSQk/Rc/uJQEQNnIlfFC9VPCPw8HRHr/ZBYBKwt/ucskE9+9NUVpNcEtSSZD7kiBQdoM=

This is not accepted by ssh, as it still asks to confirm the host identity. It then inserts into ~/.ssh/known_hosts two lines:

    |1|nKfBJdWYK8pcfw5uYDFbEjwinek=|i4xCR6M97ohkW2QX2EP4x6BrGOI= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDe0Ij3EUAUuZd3PRAUWSQk/Rc/uJQEQNnIlfFC9VPCPw8HRHr/ZBYBKwt/ucskE9+9NUVpNcEtSSZD7kiBQdoM=
    |1|AFKXXOXTMqb3s7xFZjIXMhLFgvw=|7Tj2HonmX9r//yTA0wm/tAcYXPw= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDe0Ij3EUAUuZd3PRAUWSQk/Rc/uJQEQNnIlfFC9VPCPw8HRHr/ZBYBKwt/ucskE9+9NUVpNcEtSSZD7kiBQdoM=

Ubuntu 12.04
OpenSSH 5.9
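An added example, not part of the original thread or of Puppet: a Python check that a system-wide known_hosts file has a mode other users can read (such as the 644 the report asks for) and that a given host has an entry, including hashed `|1|salt|hash` fields like the ones quoted in the report. Function names, hostnames, salt and key blobs are constructed for illustration; only exact host names are matched, not wildcard patterns.

```python
import base64, hashlib, hmac, os, stat, tempfile

def hashed_field(host, salt):
    """Build a hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if a known_hosts host field (plain list or hashed) names host exactly."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")

def audit(path, host):
    """Return (mode_ok, key_types) for host in the known_hosts file at path."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Readable by everyone, writable by the owner only (0644 satisfies this).
    mode_ok = bool(mode & stat.S_IROTH) and not mode & (stat.S_IWGRP | stat.S_IWOTH)
    key_types = []
    with open(path) as fh:
        for line in fh:
            parts = line.split()
            # Skip blanks, comments and @marker lines (not handled here).
            if len(parts) < 3 or parts[0].startswith(("#", "@")):
                continue
            if host_matches(parts[0], host):
                key_types.append(parts[1])
    return mode_ok, key_types

def write_sample(mode):
    """Write a constructed known_hosts file (fake key blobs) with the given mode."""
    lines = [
        "# constructed sample, not real keys",
        "app01.example.test,app01,192.0.2.61 ecdsa-sha2-nistp256 AAAAconstructed1=",
        hashed_field("db01.example.test", b"constructed-salt-20b") + " ssh-rsa AAAAconstructed2=",
    ]
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    for mode in (0o600, 0o644):
        sample = write_sample(mode)
        print(oct(mode), audit(sample, "app01"), audit(sample, "db01.example.test"))
        os.remove(sample)
```

On a real host, call `audit("/etc/ssh/ssh_known_hosts", name)` after the Puppet run; a `False` first element means the mode fails the check, so either other users cannot read the file or it is writable by group or others.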
