similar to: Managing /etc/ssh/shosts.equiv

I''m trying to create a ssh class where the /etc/ssh/ssh_known_hosts and /etc/ssh/shosts.equiv stays updated. The issue i''m finding is that if I include a "tag == anything" in the Collector filter, it collects all resources EXCEPT it''s own. In this case, the known_hosts and .equiv files will have all the other hostnames, but not it''s own hostname.

Hi , I was testing puppet exported resources as in http://docs.puppetlabs.com/guides/exported_resources.html and I had this test class (code is from another post). class ssh_known_hosts{ case $sshrsakey { '''': { alert("No sshrsakey found for $fqdn") } default: { @@sshkey { $fqdn:

I am attempting to remove an old ssh host key from /etc/ssh/ssh_known_hosts. In my manifest, I have the following: # add keys @@sshkey { $hostname: ensure => present, type => "rsa", key => $sshrsakey, } # remove key @@sshkey { "foohost": ensure => absent, type => "rsa", } Sshkey <<| |>> But I get this error on

Hello... Is this a bug or by design? I''m using exported resources to generate /etc/ssh/ssh_known_hosts. I changed the example from the docs to this: @@sshkey { "$fqdn,$hostname,$ipaddress": type => rsa, key => $sshrsakey, } so that I would get one line per host in the ssh_know_hosts file. What happened was that on each run several (all?)

Hello, I want to use exported resources (namely sshkey) and with the following code, each node gets his own ssh key written into /etc/ssh/ssh_known_hosts, but not the others ones. This is with puppet 0.24.7 on redhat. node ''node1'' { @@sshkey { "node1": type => rsa, key => $sshrsakey } Sshkey <<| |>> } node ''node2'' {

On Fri, 10 Nov 2023, Rory Campbell-Lange wrote: > On 09/11/23, Marian Beermann (public at enkore.de) wrote: > > ... while OpenSSH does support using a CA in conjunction with hostbased > > authentication, it still requires a list of all authorized host names in the > > rhosts / shosts file. > > I'm not familiar with the use of .rhosts/.shosts, but I don't think

Hullo, I am attempting to use collections in order to distribute ssh keys across (soon) many hosts but I am hitting some trouble (the recipe I am using is at the end of this email). Namely it looks like sshkeys resources are not marked as exported in the sqlite db. I.e. if I do: sqlite3 clientconfigs.sqlite3 SQLite version 3.3.5 Enter ".help" for instructions sqlite> select *

I'm trying to replace ssh 1.2.27 with openssh 1.2.1-pre* It seems that a openssh client accessing any openssh/ssh server I've setup always results in a password prompt. It also seems that a openssh server requires ssh clients to provide a password regardless of the entries in the /etc/ssh/shosts.equiv file. If I shut off the openssh server and run a ssh server then normal ssh client

Hello all, How are you using the sshkey type? Are you using it to list hosts and keys in a class that nodes include in order to manage /etc/ssh/ssh_known_hosts or something else? How does any of this relate to the sshrsakey and sshdsakey facts on the host? I read some stuff about this on the Virtual Resources page but it''s too vague for my simple mind and I''d be reluctant to use

On 09/11/23, Marian Beermann (public at enkore.de) wrote: > ... while OpenSSH does support using a CA in conjunction with hostbased > authentication, it still requires a list of all authorized host names in the > rhosts / shosts file. I'm not familiar with the use of .rhosts/.shosts, but I don't think those are needed at all with a machine or per-user known_hosts file/files

On 11/10/23 04:17, Damien Miller wrote: > AIUI what he is asking for is a file that combines the host identity > of the system-wide ssh_known_hosts file with the host/user authorisation > of shosts in a single file. > > This might be a little cleaner, but IMO not so much so as to be highly > motivating (personally). > > -d Yup, but since this is auth code I imagine it

On Sat, 11 Nov 2023, Marian Beermann wrote: > On 11/10/23 04:17, Damien Miller wrote: > > AIUI what he is asking for is a file that combines the host identity > > of the system-wide ssh_known_hosts file with the host/user authorisation > > of shosts in a single file. > > > > This might be a little cleaner, but IMO not so much so as to be highly > >

Hello all! I'm looking for a solution to the following problem - I need to be able to use OpenSSH from root on one system to perform work on several dozen other systems using some automation. The restrictions that have to be met to keep the business happy are that no cleartext passwords or unencrypted private keys can be stored on disk. Since this is within an automated environment, there

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Solaris 10 x64 kernel 150401-35 LibreSSL 2.4.1 GCC 5.2 ./configure --with-privsep-user=sshd --with-pam --with-pie --with-ssl-dir=/usr/local 'CFLAGS=-O3 -m64 -mtune=native -pipe' 'LDFLAGS=-m64' successful. gmake produces error: root @ khorne /patch/openssh-7.3p1 # gmake conffile=`echo sshd_config.out | sed

Hello, I have a x86 Red Hat Linux release 7.0 (Guinness) box. OpenSSL 0.9.6b I downloaded the most recent version of OpenSSH (3.1p1). Attached is the result of ./configure and make. Thanks in advance -------------- next part -------------- # ./configure checking for gcc... gcc checking for C compiler default output... a.out checking whether the C compiler works... yes checking whether we are

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I''ve created an ssh_keys class that just makes sure that all my Puppet managed hosts get the same set of hosts keys using the "sshkey" type. I also am starting to play with OSSEC HIDS which is a host based intrusion detection system. OSSEC HIDS has been letting me know that the MD5 and SHA1 hashes of /etc/ssh/ssh_known_hosts has

Hi, I''m new to Puppet. And I''m trying out an ssh module: https://github.com/saz/puppet-ssh. It collects ssh keys like this: class ssh::knownhosts { Sshkey <<| |>> { ensure => present, } notify{"knownhosts class: $fqdn $hostname $ipaddress ":} } I can see it echoes the host key of the host the puppet agent runs on. But the

So they released openssl 101g to patch for a hole. One then wishes to recompile openssh. After ".configure" I get this: synergy[124]# make if test "doc" = "cat"; then manpage=./`echo scp.1.out | sed 's/\.[1-9]\.out$/\.0/'`; else manpage=./`echo scp.1.out | sed 's/\.out$//'`; fi; if test "doc" = "man"; then

Hi, I am still working on getting hostbased authentication working in OpenSSH 3.5p1. I emailed the user list, and got no response. It seems so simple, yet I have continued to have problems getting it working properly. I've read posts about it on this list, and the openssh-unix-dev list, and nothing I have tried seems to work. My question is this, does it matter which key, either

Hi, we're looking to reduce the number of host lists that need to be kept in sync in our system. (There are quite a few of them all over the place) OpenSSH CAs are an obvious solution for not having to keep all host keys in sync in /etc/ssh/known_hosts, however, while OpenSSH does support using a CA in conjunction with hostbased authentication, it still requires a list of all authorized