The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com
ssh_authorized_keys provider crashes on SSH type 1 keys
|Assignee:||Francois Deppierraz||% Done:|
|Affected Puppet version:||0.24.4||Branch:|
Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com
This issue is currently not available for export. If you are experiencing the issue described below, please file a new ticket in JIRA. Once a new ticket has been created, please add a link to it that points back to this Redmine ticket.
SSH type 1 keys do not have a prefix (ssh-dss or ssh-rsa), the line starts with the keysize, exponent and modulo – all in decimal, not hex or mime-encoded. If puppet (0.24.4 from Debian Etch backports) encounters such a file, it stops:
err: //Ssh_authorized_key[jops@jaw0-dsa]: Failed to retrieve current state of resource: Could not parse line “1024 35 1272345(…)
Also, it is impossible to specify type 1 keys in the ssh_authorized_keys provider, even though the Type reference implies that this should be possible: “type: The encryption type used. Usually ssh-dss or ssh-rsa for SSH version 2. Not used for SSH version 1.” But not specifying the type leads to errors, and looking at authorized_keys/parsed.rb it seems clear that the :match cannot handle the SSH type 1 case.
It is of course ill advised to still run ssh type 1, but such keys should at least not stop Puppet from running.