similar to: sshkey and server with HashKnowHosts set

Hello... Is this a bug or by design? I''m using exported resources to generate /etc/ssh/ssh_known_hosts. I changed the example from the docs to this: @@sshkey { "$fqdn,$hostname,$ipaddress": type => rsa, key => $sshrsakey, } so that I would get one line per host in the ssh_know_hosts file. What happened was that on each run several (all?)

Hi , I was testing puppet exported resources as in http://docs.puppetlabs.com/guides/exported_resources.html and I had this test class (code is from another post). class ssh_known_hosts{ case $sshrsakey { '''': { alert("No sshrsakey found for $fqdn") } default: { @@sshkey { $fqdn:

Is the host_aliases parameter to sshkey new in 0.25? Jun 1 15:28:48 s_sys@ext3.fr.xxx.com puppetd[20358]: Could not retrieve catalog: Invalid parameter ''host_aliases'' for type ''Sshkey'' at /etc/puppet/manifests/nodes/fr.twofish.com/ext3.pp:19 on node ext3.fr.xxx.com Jun 1 15:28:48 s_sys@ext3.fr.xxx.com puppetd[20358]: Not using cache on failed catalog The

I am attempting to remove an old ssh host key from /etc/ssh/ssh_known_hosts. In my manifest, I have the following: # add keys @@sshkey { $hostname: ensure => present, type => "rsa", key => $sshrsakey, } # remove key @@sshkey { "foohost": ensure => absent, type => "rsa", } Sshkey <<| |>> But I get this error on

Hello all, How are you using the sshkey type? Are you using it to list hosts and keys in a class that nodes include in order to manage /etc/ssh/ssh_known_hosts or something else? How does any of this relate to the sshrsakey and sshdsakey facts on the host? I read some stuff about this on the Virtual Resources page but it''s too vague for my simple mind and I''d be reluctant to use

Hi All, I was trying to templatize some JSP page I would like to dynamically generates but it looks like puppet doesn''t like it. Common JSP tags are <% ... %> so I guess it''s getting confused between regular tags and jsp''s one. This is an example of the trace it is givin me : /etc/puppet/modules/xxx/templates/webapps/xxx/yyy/Mantle.jsp:1:in `result'':

Hi, I''m attempting to distribute a known host ssh key (for github) to an Ubuntu 10.04 host. Puppet is distributing the key into /etc/ssh/ ssh_known_hosts as: github.com ssh-rsa [really long ssh-rsa key] However, Ubuntu seems to expect the key in this format: |1|[really long ssh-rsa key] (note all the keys in my known_hosts and ssh_known_hosts not managed by puppet are prepended with

https://bugzilla.mindrot.org/show_bug.cgi?id=866 Josh Triplett <josh at freedesktop.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |josh at freedesktop.org --- Comment #13 from Josh Triplett <josh at freedesktop.org> 2008-01-03

https://bugzilla.mindrot.org/show_bug.cgi?id=1727 Summary: document that HashKnownHosts may break tab-completion Product: Portable OpenSSH Version: 5.3p1 Platform: Other URL: http://bugs.debian.org/430154 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh

https://bugzilla.mindrot.org/show_bug.cgi?id=3703 Bug ID: 3703 Summary: HashKnownHost deprecation Product: Portable OpenSSH Version: 9.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

Hullo, I am attempting to use collections in order to distribute ssh keys across (soon) many hosts but I am hitting some trouble (the recipe I am using is at the end of this email). Namely it looks like sshkeys resources are not marked as exported in the sqlite db. I.e. if I do: sqlite3 clientconfigs.sqlite3 SQLite version 3.3.5 Enter ".help" for instructions sqlite> select *

On Sun, Oct 04, 2020 at 09:24:12PM +1100, Damien Miller wrote: > On Sun, 4 Oct 2020, Damien Miller wrote: > > > No - I think you've stumbled on a corner case I hadn't anticipated. > > Does your configuration override CheckHostIP at all? No. > > > > What are the known_hosts entries for the hostname and IP? > > Also, do you use HashKnownHosts? or do

Hi folks, maybe I am too blind to see, but would it be possible to avoid extra entries in known_hosts, if the remote host has a signed public key matching a @cert-authority line? Something like Host * HashKnownHosts unsigned This could help to keep the known_hosts file small and yet get all the unsigned public keys in. Just a suggestion, of course. Regards Harri

Hello, I hope this isn't a stupid question, but after editing my sshd_config file to set HashKnownHosts to 'yes' after this feature was recently added it occured to me that many of those same hosts are listed in "Hosts" lines in my ssh_config file. (The servers I connect to use different ports and require different IdentityFiles, so I set the appropriate options for each

On Sun, Oct 04, 2020 at 10:50:32PM +1100, Damien Miller wrote: > On Sun, 4 Oct 2020, Matthieu Herrb wrote: > > > On Sun, Oct 04, 2020 at 09:24:12PM +1100, Damien Miller wrote: > > > On Sun, 4 Oct 2020, Damien Miller wrote: > > > > > > > No - I think you've stumbled on a corner case I hadn't anticipated. > > > > Does your configuration

Add private key protection information extraction to shh-keygen using -v option on top of -y option which is already parsing the private key. Technically, the passphrase isn't necessary to do this, but it is the most logical thing to do for me. Adding this to -l option is not appropriate because fingerprinting is using the .pub file when available. An other idea is to add a new option, I

On Tue, 23 Jun 2015, Jakub Jelen wrote: > > On 05/29/2015 09:12 AM, Damien Miller wrote: > > Hi, > > > > OpenSSH 6.9 is almost ready for release, so we would appreciate testing > > on as many platforms and systems as possible. This release contains > > some substantial new features and a number of bugfixes. > Tested basic configuration on Fedora 22. With

Add support to load additional certificates for already loaded private keys. Useful if the private key is on a PKCS#11 hardware token. The private keys inside ssh-agent are now using a refcount to share the private parts between "Identities". The reason for this change was that the PKCS#11 code might have redirected ("wrap") the RSA functions to a hardware token. We don't

`git describe' says V_7_3_P1-207-gc924b2ef (shouldn't it say V_7_4_P1-<yadayada>?). This is what I see: gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I.

Hello, I want to use exported resources (namely sshkey) and with the following code, each node gets his own ssh key written into /etc/ssh/ssh_known_hosts, but not the others ones. This is with puppet 0.24.7 on redhat. node ''node1'' { @@sshkey { "node1": type => rsa, key => $sshrsakey } Sshkey <<| |>> } node ''node2'' {