similar to: bug with using exported resources?

I''m trying to create a ssh class where the /etc/ssh/ssh_known_hosts and /etc/ssh/shosts.equiv stays updated. The issue i''m finding is that if I include a "tag == anything" in the Collector filter, it collects all resources EXCEPT it''s own. In this case, the known_hosts and .equiv files will have all the other hostnames, but not it''s own hostname.

Hi , I was testing puppet exported resources as in http://docs.puppetlabs.com/guides/exported_resources.html and I had this test class (code is from another post). class ssh_known_hosts{ case $sshrsakey { '''': { alert("No sshrsakey found for $fqdn") } default: { @@sshkey { $fqdn:

Hullo, I am attempting to use collections in order to distribute ssh keys across (soon) many hosts but I am hitting some trouble (the recipe I am using is at the end of this email). Namely it looks like sshkeys resources are not marked as exported in the sqlite db. I.e. if I do: sqlite3 clientconfigs.sqlite3 SQLite version 3.3.5 Enter ".help" for instructions sqlite> select *

Hello, I want to use exported resources (namely sshkey) and with the following code, each node gets his own ssh key written into /etc/ssh/ssh_known_hosts, but not the others ones. This is with puppet 0.24.7 on redhat. node ''node1'' { @@sshkey { "node1": type => rsa, key => $sshrsakey } Sshkey <<| |>> } node ''node2'' {

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello, I read and find a way (well, there seems to be several equal implementations) to collect the ssh keys of machines. However they all give only the choice to choose between the key formats. But is there a way to collect both keys of a machine, the rsa _and_ the dss key (and maybe the rsa1 too)? I didn''t find a way to solve this as

Hello all, How are you using the sshkey type? Are you using it to list hosts and keys in a class that nodes include in order to manage /etc/ssh/ssh_known_hosts or something else? How does any of this relate to the sshrsakey and sshdsakey facts on the host? I read some stuff about this on the Virtual Resources page but it''s too vague for my simple mind and I''d be reluctant to use

I am attempting to remove an old ssh host key from /etc/ssh/ssh_known_hosts. In my manifest, I have the following: # add keys @@sshkey { $hostname: ensure => present, type => "rsa", key => $sshrsakey, } # remove key @@sshkey { "foohost": ensure => absent, type => "rsa", } Sshkey <<| |>> But I get this error on

Is the host_aliases parameter to sshkey new in 0.25? Jun 1 15:28:48 s_sys@ext3.fr.xxx.com puppetd[20358]: Could not retrieve catalog: Invalid parameter ''host_aliases'' for type ''Sshkey'' at /etc/puppet/manifests/nodes/fr.twofish.com/ext3.pp:19 on node ext3.fr.xxx.com Jun 1 15:28:48 s_sys@ext3.fr.xxx.com puppetd[20358]: Not using cache on failed catalog The

Hi, I''m new to Puppet. And I''m trying out an ssh module: https://github.com/saz/puppet-ssh. It collects ssh keys like this: class ssh::knownhosts { Sshkey <<| |>> { ensure => present, } notify{"knownhosts class: $fqdn $hostname $ipaddress ":} } I can see it echoes the host key of the host the puppet agent runs on. But the

Hey list, Not sure if something has been posted about it but I didn''t find any post after research, I''d like to define an entry in my /etc/ssh/ssh_know_hosts using sshkey resource. After a run it does insert an entry there, but the issue is that I have the HashKnownHosts flag set on my configuration file and that Puppet generate a plain unencrypted entry for the

Hi, does anyone have any elegant solutions for managing shosts.equiv? In my puppet ssh module, host keys for /etc/ssh/ssh_known_hosts are automatically managed with: @@sshkey { $hostname: ensure => present, type => "rsa", key => $sshrsakey, } Sshkey <<| |>> Is there a similar construct for

`git describe' says V_7_3_P1-207-gc924b2ef (shouldn't it say V_7_4_P1-<yadayada>?). This is what I see: gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I.

I''m currently searching around/reading up on exported resources, but figured I''d ping the list to see if someone had a quick answer. I''m collecting and exporting ssh keys, basically like the example in ProPuppet and in the wiki etc. I was collecting both rsa and dsa keys, and exporting all keys. I''ve stopped collecting dsa keys, we don''t care about

Remove sshkey_load_private(), as this function's role is similar to sshkey_load_private_type(). --- Dependency: This change depends over recently merged change in openbsd: https://github.com/openbsd/src/commit/b0c328c8f066f6689874bef7f338179145ce58d0 Change log: v1->v2 - Remove declaration of sshkey_load_private() in authfile.h authfile.c | 38

https://bugzilla.mindrot.org/show_bug.cgi?id=3192 Bug ID: 3192 Summary: openssh-8.2 & openssl-1.1.1d error: dereferencing pointer to incomplete type Not found struct BIO , bio->num_write Product: Portable OpenSSH Version: 8.2p1 Hardware: Other OS: Linux Status: NEW

I have the class below to export host entries. However I wish to override the entry for my host to 127.0.0.1 So for all of the hosts other than foo.bar.com I would like them to have the real IP address but for foo.bar.com I would like to just have the loopback host entry. 2.6.2 doesn''t allow multiple tags and if I put in another entry for localhost there is a collision. Is there any

Add support to load additional certificates for already loaded private keys. Useful if the private key is on a PKCS#11 hardware token. The private keys inside ssh-agent are now using a refcount to share the private parts between "Identities". The reason for this change was that the PKCS#11 code might have redirected ("wrap") the RSA functions to a hardware token. We don't

update server autobuild to set up a new isolated vm environment and go through the server installer process and rails tests --- autobuild.sh | 65 ++++++++++++++++++++++++++++++++++++++++++ ovirt-installer-test-answers | 21 +++++++++++++ ovirt-server-test.ks | 37 ++++++++++++++++++++++++ 3 files changed, 123 insertions(+), 0 deletions(-) create mode 100644

Is there any work going into placing keys in a central directory such as LDAP ? Jeff McElroy jmcelroy at dtgnet.com

On Thu, Oct 11, 2018 at 10:41 AM Damien Miller <djm at mindrot.org> wrote: > On Wed, 10 Oct 2018, Adam Eijdenberg wrote: > > We see this error on the client side: > > > > debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> > > ... > > debug1: Offering public key: RSA-CERT SHA256:xxx /path/to/key > > debug1: send_pubkey_test: no