The Puppet Labs Issue Tracker has Moved:

This issue tracker is now in read-only archive mode and automatic ticket export has been disabled. Redmine users will need to create a new JIRA account to file tickets using See the following page for information on filing tickets with JIRA:

Bug #13633

`puppet resource ssh_authorized_key <user>` should work

Added by Hunter Haugen about 4 years ago. Updated about 2 years ago.

Status:AcceptedStart date:04/04/2012
Priority:NormalDue date:
Assignee:-% Done:


Target version:-
Affected Puppet version: Branch:

We've Moved!

Ticket tracking is now hosted in JIRA:

This ticket is now tracked at:


One of my clients remarked that he was working through the Learning Puppet track and ran into a stack trace.

Learning Puppet teaches the puppet resource command, the later has an exercise for the ssh_authorized_key resource (on Running puppet resource ssh_authorized_key hunner throws a stack trace because lib/puppet/type/ssh_authorized_key:104, @parameters[:target] is nil.

cz% envpuppet puppet resource ssh_authorized_key hunner               
/Users/hunner/Documents/work/git/puppet/lib/puppet/type/ssh_authorized_key.rb:104:in `validate': undefined method `[]' for nil:NilClass (NoMethodError)
    from /Users/hunner/Documents/work/git/puppet/lib/puppet/type.rb:1807:in `initialize'
    from /Users/hunner/Documents/work/git/puppet/lib/puppet/indirector/resource/ral.rb:5:in `new'
    from /Users/hunner/Documents/work/git/puppet/lib/puppet/indirector/resource/ral.rb:5:in `find'
    from /Users/hunner/Documents/work/git/puppet/lib/puppet/indirector/indirection.rb:196:in `find'
    from /Users/hunner/Documents/work/git/puppet/lib/puppet/application/resource.rb:222:in `find_or_save_resources'
    from /Users/hunner/Documents/work/git/puppet/lib/puppet/application/resource.rb:144:in `main'
    from /Users/hunner/Documents/work/git/puppet/lib/puppet/application.rb:317:in `run_command'
    from /Users/hunner/Documents/work/git/puppet/lib/puppet/application.rb:309:in `run'
    from /Users/hunner/Documents/work/git/puppet/lib/puppet/application.rb:416:in `hook'
    from /Users/hunner/Documents/work/git/puppet/lib/puppet/application.rb:309:in `run'
    from /Users/hunner/Documents/work/git/puppet/lib/puppet/application.rb:407:in `exit_on_fail'
    from /Users/hunner/Documents/work/git/puppet/lib/puppet/application.rb:309:in `run'
    from /Users/hunner/Documents/work/git/puppet/lib/puppet/util/command_line.rb:69:in `execute'
    from /Users/hunner/Documents/work/git/puppet/bin/puppet:4

cz% envpuppet puppet resource ssh_authorized_key hunner target=ssh-rsa
notice: /Ssh_authorized_key[hunner]/ensure: created
err: /Ssh_authorized_key[hunner]: Could not evaluate: Cannot write SSH authorized keys without user
ssh_authorized_key { 'hunner':
  ensure => 'present',
  target => 'ssh-rsa',

I have two ssh-rsa keys in ~/.ssh/authorized_keys2


#1 Updated by Jeff Weiss about 4 years ago

  • Status changed from Unreviewed to Accepted

It sounds like the expected functionality of ssh_authorized_key is that you can specify a user and the type will automatically locate (and read the keys and put them into the user/.ssh/authorized_keys file.

This is not the way ssh_authorized_key actually works today. There is obviously a mismatch between existing functionality, which require the key (contents of id_rsa) in the manifest, along with type, and user.

We really ought to make ssh_authorized_key more intuitive.

#2 Updated by Charlie Sharpsteen about 2 years ago

Redmine Issue #13633 has been migrated to JIRA:

Also available in: Atom PDF