similar to: sshkey resource type in Ubuntu 10.04

Hello all, How are you using the sshkey type? Are you using it to list hosts and keys in a class that nodes include in order to manage /etc/ssh/ssh_known_hosts or something else? How does any of this relate to the sshrsakey and sshdsakey facts on the host? I read some stuff about this on the Virtual Resources page but it''s too vague for my simple mind and I''d be reluctant to use

I am attempting to remove an old ssh host key from /etc/ssh/ssh_known_hosts. In my manifest, I have the following: # add keys @@sshkey { $hostname: ensure => present, type => "rsa", key => $sshrsakey, } # remove key @@sshkey { "foohost": ensure => absent, type => "rsa", } Sshkey <<| |>> But I get this error on

I. most of ssh manual and all sshd manual present server and client as one machine, called host. All files mentioned are placed on one machine. This is incorrect, and makes the explanation unclear. For example, man sshd SSH_KNOWN_HOSTS FILE FORMAT suggests to copy keys from /etc/ssh/ssh_host_key.pub into /etc/ssh/ssh_known_hosts, as if those files are on the same machine. II. a general

I''m trying to create a ssh class where the /etc/ssh/ssh_known_hosts and /etc/ssh/shosts.equiv stays updated. The issue i''m finding is that if I include a "tag == anything" in the Collector filter, it collects all resources EXCEPT it''s own. In this case, the known_hosts and .equiv files will have all the other hostnames, but not it''s own hostname.

Hi , I was testing puppet exported resources as in http://docs.puppetlabs.com/guides/exported_resources.html and I had this test class (code is from another post). class ssh_known_hosts{ case $sshrsakey { '''': { alert("No sshrsakey found for $fqdn") } default: { @@sshkey { $fqdn:

OpenSSH 2.9.9 has just been uploaded. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH 2.9.9 fixes a weakness in the key file option handling, including source IP based access control. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release contains many portability

https://bugzilla.mindrot.org/show_bug.cgi?id=3627 Bug ID: 3627 Summary: openssh 9.4p1 does not see RSA keys in know_hosts file. Product: Portable OpenSSH Version: 9.4p1 Hardware: SPARC OS: Solaris Status: NEW Severity: major Priority: P5 Component: ssh

http://bugzilla.mindrot.org/show_bug.cgi?id=747 Summary: host authentication requires RSA1 keys Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: openssh-bugs at mindrot.org ReportedBy:

This question should be asked before, but I fail to find the discussion. What options can be used for storing host/users pubkeys in a publically available places? I know openssh currently provide option except if /etc/ssh_known_hosts and ~/.ssh/known_hosts. But what about many machines? Think of e.g. pgp keyservers. Note that pgp keyservers isn't a good solution *always*. The best one

Hello. I am running OpenSSH 7.9p1 on my client and server. ssh-keyscan shows the server has ssh-rsa, ssh-ed25519, and ecdsa-sha2-nistp256 host keys. My /etc/ssh/ssh_known_hosts file contains the server's ssh-ed25519 host key. When I try to SSH to the server I get this error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

On 06.08.2019 23:17, Reio Remma via dovecot wrote: > On 24.06.2019 16:25, Reio Remma wrote: >> On 24.06.2019 8:21, Aki Tuomi wrote: >>> On 22.6.2019 22.00, Reio Remma via dovecot wrote: >>>> Jun 22 16:55:22 host dovecot: dsync-local(user at host.ee)<>: Error: >>>> Remote command returned error 84: ssh -i /home/vmail/.ssh/vmail.pem -l >>>>

I'm finding another problem with OpenSSH 2.5.1p1 on RH 6.2 (at least, I think it's the linux box that is the problem). I'm ssh'ing to a RH 6.2 box from a Solaris 7 server (scp also... seems like the same problem). I'm using authorized_keys and identity.pub files to do it automagically, and all works well when it's from user to user, where the username is the same, but if

Hi, I''m new to Puppet. And I''m trying out an ssh module: https://github.com/saz/puppet-ssh. It collects ssh keys like this: class ssh::knownhosts { Sshkey <<| |>> { ensure => present, } notify{"knownhosts class: $fqdn $hostname $ipaddress ":} } I can see it echoes the host key of the host the puppet agent runs on. But the

Is there any work going into placing keys in a central directory such as LDAP ? Jeff McElroy jmcelroy at dtgnet.com

All: I have a problem connecting Openssh 3.0.2p1 on Solaris 8 using hostname authentication for non-root users. When I connect to the sshd from a second machine as root it works fine using HostbasedAuthentication, but it always fails with non-root users. I suspect that I am having a permissions problem somewhere, but I'll be damned if I can figure out where. Any and all help

Hi guys Though being a mere user, - as opposed to an expert - in many long years of ssh in my use this, is new: -> $ ssh box5.proxmox.mine hostname -i 10.3.1.78 -> $ ssh box5 hostname -i Warning: the RSA host key for 'box5' differs from the key for the IP address '10.3.1.78' Offending key for IP in /root/.ssh/known_hosts:2 Matching host key in /etc/ssh/ssh_known_hosts:2

Wonder if you guys could help me out...have a security problem with sshd wich enables a user to do a password login tough the sshd_config states PasswordAuthentication no My config works fine in both gentoo and openbsd 3.3 but users are able to login with tunneled clear text passwords in both 4.9 and 5.1 Im lost.tried everything I can think of. Here is the config:

Hi, On Fri, Jan 9, 2015, at 10:48 AM, Tim Rice wrote: > My ssh_config has > Host * > HostbasedAuthentication yes > EnableSSHKeysign yes > NoHostAuthenticationForLocalhost yes > > NoHostAuthenticationForLocalhost is not necessary. > The one you are missing is EnableSSHKeysign. > > Additionally, you made no mention of your ssh_known_hosts files. Make > sure

Brian Candler wrote: > Chris Green wrote: > > ... redundant ones are because I have a mixed population of > > Raspberry Pis and such on my LAN and they get rebuilt fairly > > frequently and thus, each time, get a new entry in known_hosts. > ...many useful tips... > To disable host key checking altogether for certain domains and/or networks, > you can put this in

Hello, I want to use exported resources (namely sshkey) and with the following code, each node gets his own ssh key written into /etc/ssh/ssh_known_hosts, but not the others ones. This is with puppet 0.24.7 on redhat. node ''node1'' { @@sshkey { "node1": type => rsa, key => $sshrsakey } Sshkey <<| |>> } node ''node2'' {