Daneil Goodman
2010-Oct-26 02:47 UTC
[Puppet Users] Multiple host key entries in ssh_known_hosts
Hi all,

I am trying to use @@sshkey{...} and Sshkey <<| |>> to share host keys between compute nodes. It does work! But there is a weird issue: the same host key entry for each node is added to ssh_known_hosts again each time Puppet is restarted. I only need one entry for each node in ssh_known_hosts. What should I do?

Here is the code:

    class ssh {
      @@sshkey { "$hostname":
        key  => $sshrsakey,
        type => ssh-rsa,
        name => ["$hostname,","$hostname.$domain,","$ipaddress"],
      }
      Sshkey <<| |>>
    }

Even if I force the removal of /etc/ssh/ssh_known_hosts before collection using the following modified code, the result is the same.

    class ssh {
      file { "/etc/ssh/ssh_known_hosts":
        ensure => absent
      }
      @@sshkey { "$hostname":
        key     => $sshrsakey,
        type    => ssh-rsa,
        name    => ["$hostname,","$hostname.$domain,","$ipaddress"],
        require => File["/etc/ssh/ssh_known_hosts"]
      }
      Sshkey <<| |>>
    }

The default mode of the ssh_known_hosts file created by the above code is 600. I tried to change it to 644 using the following code:

    class ssh {
      file { "/etc/ssh/ssh_known_hosts":
        ensure => absent
      }
      @@sshkey { "$hostname":
        key     => $sshrsakey,
        type    => ssh-rsa,
        name    => ["$hostname,","$hostname.$domain,","$ipaddress"],
        require => File["/etc/ssh/ssh_known_hosts"]
      }
      Sshkey <<| |>>
      File <| title == "/etc/ssh/ssh_known_hosts" |> {
        mode => 644
      }
    }

But it is still 600.

How can I limit ssh_known_hosts to only one host key entry for each node and change its mode to 644?

Thanks,
Goodman