The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com
https://tickets.puppetlabs.com. See the following page for information on filing tickets with JIRA:
ssh_authorized_keys provider crashes on SSH type 1 keys
|Assignee:||Francois Deppierraz||% Done:|
|Affected Puppet version:||0.24.4||Branch:|
Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com
SSH type 1 keys do not have a prefix (ssh-dss or ssh-rsa), the line starts with the keysize, exponent and modulo – all in decimal, not hex or mime-encoded. If puppet (0.24.4 from Debian Etch backports) encounters such a file, it stops:
err: //Ssh_authorized_key[jops@jaw0-dsa]: Failed to retrieve current state of resource: Could not parse line “1024 35 1272345(…)
Also, it is impossible to specify type 1 keys in the ssh_authorized_keys provider, even though the Type reference implies that this should be possible: “type: The encryption type used. Usually ssh-dss or ssh-rsa for SSH version 2. Not used for SSH version 1.” But not specifying the type leads to errors, and looking at authorized_keys/parsed.rb it seems clear that the :match cannot handle the SSH type 1 case.
It is of course ill advised to still run ssh type 1, but such keys should at least not stop Puppet from running.