The Puppet Labs Issue Tracker has Moved:

This issue tracker is now in read-only archive mode and automatic ticket export has been disabled. Redmine users will need to create a new JIRA account to file tickets using See the following page for information on filing tickets with JIRA:

Bug #4488

ssh_authorized_key trips over comments in file

Added by martin krafft over 5 years ago. Updated about 3 years ago.

Status:ClosedStart date:08/06/2010
Priority:NormalDue date:
Assignee:-% Done:


Target version:-
Affected Puppet version:0.25.4 Branch:
Keywords:ssh_authorized_key parser comments

We've Moved!

Ticket tracking is now hosted in JIRA:


I am getting:

err: Could not prefetch ssh_authorized_key provider 'parsed': Could not parse line "" at /root/.ssh/authorized_keys:4

This is due to the fact that I use comments in the authorized_keys file, which I assemble automatically:

% sed -ne 4p /root/.ssh/authorized_keys
### from authorized_keys.d/

Please use a more robust way to scan for puppet comments.


#1 Updated by James Turnbull over 5 years ago

  • Status changed from Unreviewed to Accepted
  • Target version set to 2.7.x

#2 Updated by Alan Barrett over 5 years ago

I have the following change, which allows unrecognised lines to be passed through unmolested.

--- puppet-0.25.5/lib/puppet/provider/ssh_authorized_key/parsed.rb   Mon May 17 06:10:24 2010
+++ new/lib/puppet/provider/ssh_authorized_key/parsed.rb        Thu Jun 17 14:59:02 2010
@@ -14,7 +14,11 @@
         :fields   => %w{options type key name},
         :optional => %w{options},
         :rts => /^\s+/,
-        :match    => /^(?:(.+) )?(ssh-dss|ssh-rsa) ([^ ]+) ?(.*)$/,
+        # The name field is not optional here.  Lines without a name
+        # will be matched by the "text_line :unrecognised" rule instead.
+        # (Do not change the (.+) at the end to (.*), or make the preceding
+        # space optional.)
+        :match    => /^(?:(.+) )?(ssh-dss|ssh-rsa) ([^ ]+) (.+)$/,
         :post_parse => proc { |h|
             h[:name] = "" if h[:name] == :absent
             h[:options] ||= [:absent]
@@ -30,6 +34,8 @@
         :optional => %w{options},
         :rts      => /^\s+/,
         :match    => /^(?:(.+) )?(\d+) (\d+) (\d+)(?: (.+))?$/
+    text_line :unrecognised, :match => //

     def dir_perm
         # Determine correct permission for created directory and file

The :unrecognised rule should probably be in a parent class instead of in the ssh_authorized_keys provider. The part about making the name field compulsory is there to deal with errors (whose details I do not remember) where some other part of puppet was unhappy about having the empty string as the name of a resource.

#3 Updated by Andrew Gaffney almost 5 years ago

In my case, it tripped over itself parsing a blank line between comments and keys. After that, it clobbered the whole file and only wrote the managed entries.

#4 Updated by Stefan Schulte over 3 years ago

  • Status changed from Accepted to Closed

Browsing the log of ssh_authorized_key/parsed.rb the provider can handle comments since the beginning. But the error message above

err: Could not prefetch ssh_authorized_key provider 'parsed': Could not parse line ""

Indicates that puppet in fact stumbles across a blank line. This was addressed in #14127 and fixed in 2.7.15rc1 (as of commit:b4d1c65). Closing this one.

#5 Updated by Anonymous about 3 years ago

  • Target version deleted (2.7.x)

Also available in: Atom PDF