Displaying 20 results from an estimated 6000 matches similar to: "Managing /etc/ssh/shosts.equiv"
2013 Aug 13
2
Collector not realizing own exported resources when filtering on tags
I'm trying to create an ssh class where the /etc/ssh/ssh_known_hosts and
/etc/ssh/shosts.equiv stay updated. The issue I'm finding is that if I
include a "tag == anything" in the Collector filter, it collects all
resources EXCEPT its own. In this case, the known_hosts and .equiv files
will have all the other hostnames, but not its own hostname.
2012 Jul 11
3
where is ssh_known_hosts file generated by sshkey ?
Hi ,
I was testing puppet exported resources as in
http://docs.puppetlabs.com/guides/exported_resources.html and I had this
test class (code is from another post).
class ssh_known_hosts{
case $sshrsakey {
'': { alert("No sshrsakey found for $fqdn") }
default: {
@@sshkey { $fqdn:
2012 Aug 09
4
Error 400 on Server: Another local or imported resource exists with the type and title Sshkey
I am attempting to remove an old ssh host key from
/etc/ssh/ssh_known_hosts. In my manifest, I have the following:
# add keys
@@sshkey { $hostname:
ensure => present,
type => "rsa",
key => $sshrsakey,
}
# remove key
@@sshkey { "foohost":
ensure => absent,
type => "rsa",
}
Sshkey <<| |>>
But I get this error on
2010 Nov 15
2
bug with using exported resources?
Hello...
Is this a bug or by design?
I'm using exported resources to generate /etc/ssh/ssh_known_hosts. I
changed the example from the docs to this:
@@sshkey {
"$fqdn,$hostname,$ipaddress": type => rsa,
key => $sshrsakey,
}
so that I would get one line per host in the ssh_know_hosts file. What
happened was that on each run several (all?)
2009 Mar 11
2
trouble diagnosing exported resources
Hello,
I want to use exported resources (namely sshkey) and with the following
code, each node gets its own ssh key written into /etc/ssh/ssh_known_hosts,
but not the other ones. This is with puppet 0.24.7 on redhat.
node 'node1' {
@@sshkey { "node1":
type => rsa,
key => $sshrsakey
}
Sshkey <<| |>>
}
node 'node2' {
2023 Nov 10
1
@cert-authority for hostbased auth - sans shosts?
On Fri, 10 Nov 2023, Rory Campbell-Lange wrote:
> On 09/11/23, Marian Beermann (public at enkore.de) wrote:
> > ... while OpenSSH does support using a CA in conjunction with hostbased
> > authentication, it still requires a list of all authorized host names in the
> > rhosts / shosts file.
>
> I'm not familiar with the use of .rhosts/.shosts, but I don't think
2007 Aug 08
6
Exporting collections/sshkeys
Hullo,
I am attempting to use collections in order to distribute ssh keys
across (soon) many hosts but I am hitting some trouble (the recipe I am
using is at the end of this email). Namely it looks like sshkeys
resources are not marked as exported in the sqlite db. I.e. if I do:
sqlite3 clientconfigs.sqlite3
SQLite version 3.3.5
Enter ".help" for instructions
sqlite> select *
2000 Jan 04
1
/etc/ssh/shosts.equiv ignored?
I'm trying to replace ssh 1.2.27 with openssh 1.2.1-pre*
It seems that an openssh client accessing any openssh/ssh server I've setup
always results in a password prompt.
It also seems that an openssh server requires ssh clients to provide a
password regardless of the entries in the /etc/ssh/shosts.equiv file. If
I shut off the openssh server and run an ssh server then normal ssh client
2007 Apr 04
5
sshkey
Hello all,
How are you using the sshkey type? Are you using it to list hosts and keys in a class that nodes include in order to manage /etc/ssh/ssh_known_hosts or something else? How does any of this relate to the sshrsakey and sshdsakey facts on the host? I read some stuff about this on the Virtual Resources page but it's too vague for my simple mind and I'd be reluctant to use
2023 Nov 10
1
@cert-authority for hostbased auth - sans shosts?
On 09/11/23, Marian Beermann (public at enkore.de) wrote:
> ... while OpenSSH does support using a CA in conjunction with hostbased
> authentication, it still requires a list of all authorized host names in the
> rhosts / shosts file.
I'm not familiar with the use of .rhosts/.shosts, but I don't think those are needed at all with a machine or per-user known_hosts file/files
2023 Nov 11
1
@cert-authority for hostbased auth - sans shosts?
On 11/10/23 04:17, Damien Miller wrote:
> AIUI what he is asking for is a file that combines the host identity
> of the system-wide ssh_known_hosts file with the host/user authorisation
> of shosts in a single file.
>
> This might be a little cleaner, but IMO not so much so as to be highly
> motivating (personally).
>
> -d
Yup, but since this is auth code I imagine it
2023 Nov 12
1
@cert-authority for hostbased auth - sans shosts?
On Sat, 11 Nov 2023, Marian Beermann wrote:
> On 11/10/23 04:17, Damien Miller wrote:
> > AIUI what he is asking for is a file that combines the host identity
> > of the system-wide ssh_known_hosts file with the host/user authorisation
> > of shosts in a single file.
> >
> > This might be a little cleaner, but IMO not so much so as to be highly
> >
2002 Mar 29
2
Non-interactive root access via hostbased using shosts.equiv
Hello all!
I'm looking for a solution to the following problem -
I need to be able to use OpenSSH from root on one
system to perform work on several dozen other systems
using some automation. The restrictions that have to
be met to keep the business happy are that no
cleartext passwords or unencrypted private keys can be
stored on disk. Since this is within an automated
environment, there
2016 Aug 01
4
OpenSSH 7.3p1 can't be build on Solaris 10
Solaris 10 x64 kernel 150401-35
LibreSSL 2.4.1
GCC 5.2
./configure --with-privsep-user=sshd --with-pam --with-pie
--with-ssl-dir=/usr/local 'CFLAGS=-O3 -m64 -mtune=native -pipe'
'LDFLAGS=-m64'
successful.
gmake produces error:
root @ khorne /patch/openssh-7.3p1 # gmake
conffile=`echo sshd_config.out | sed
2002 Mar 15
1
Problems compiling on Redhat
Hello,
I have a x86 Red Hat Linux release 7.0 (Guinness) box.
OpenSSL 0.9.6b
I downloaded the most recent version of OpenSSH (3.1p1).
Attached is the result of ./configure and make.
Thanks in advance
-------------- next part --------------
# ./configure
checking for gcc... gcc
checking for C compiler default output... a.out
checking whether the C compiler works... yes
checking whether we are
2006 Nov 01
1
Constant regeneration of /etc/ssh/ssh_known_hosts
I've created an ssh_keys class that just makes sure that all my
Puppet managed hosts get the same set of hosts keys using the
"sshkey" type. I also am starting to play with OSSEC HIDS which is
a host based intrusion detection system. OSSEC HIDS has been
letting me know that the MD5 and SHA1 hashes of
/etc/ssh/ssh_known_hosts has
2012 Aug 29
4
troubleshooting resource collection
Hi,
I'm new to Puppet. And I'm trying out an ssh module:
https://github.com/saz/puppet-ssh.
It collects ssh keys like this:
class ssh::knownhosts {
Sshkey <<| |>> {
ensure => present,
}
notify{"knownhosts class: $fqdn $hostname $ipaddress ":}
}
I can see it echoes the host key of the host the puppet agent runs on. But
the
2014 Apr 09
2
immediate "gotcha" in compilation!? 6.6p1 versus openssl 1.0.1g
So they released openssl 101g to patch for a hole. One then wishes to
recompile openssh.
After ".configure" I get this:
synergy[124]# make
if test "doc" = "cat"; then manpage=./`echo scp.1.out | sed
's/\.[1-9]\.out$/\.0/'`; else manpage=./`echo scp.1.out | sed
's/\.out$//'`; fi; if test "doc" = "man"; then
2003 Feb 28
1
Hostbased Authentication Question
Hi,
I am still working on getting hostbased authentication working in
OpenSSH 3.5p1. I emailed the user list, and got no response. It seems so
simple, yet I have continued to have problems getting it working properly.
I've read posts about it on this list, and the openssh-unix-dev list, and
nothing I have tried seems to work. My question is this, does it matter
which key, either
2023 Nov 09
1
@cert-authority for hostbased auth - sans shosts?
Hi,
we're looking to reduce the number of host lists that
need to be kept in sync in our system. (There are quite a few of them
all over the place)
OpenSSH CAs are an obvious solution for not having to
keep all host keys in sync in /etc/ssh/known_hosts, however,
while OpenSSH does support using a CA in conjunction with hostbased
authentication,
it still requires a list of all authorized