The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Bug #1530

ssh_authorized_keys provider crashes on SSH type 1 keys

Added by Paul Boven over 5 years ago. Updated over 5 years ago.

Status:ClosedStart date:08/25/2008
Priority:NormalDue date:
Assignee:Francois Deppierraz% Done:

0%

Category:-
Target version:-
Affected Puppet version:0.24.4 Branch:
Keywords:

We've Moved!

Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com

This issue is currently not available for export. If you are experiencing the issue described below, please file a new ticket in JIRA. Once a new ticket has been created, please add a link to it that points back to this Redmine ticket.


Description

SSH type 1 keys do not have a prefix (ssh-dss or ssh-rsa), the line starts with the keysize, exponent and modulo – all in decimal, not hex or mime-encoded. If puppet (0.24.4 from Debian Etch backports) encounters such a file, it stops:

err: //Ssh_authorized_key[jops@jaw0-dsa]: Failed to retrieve current state of resource: Could not parse line “1024 35 1272345(…)

Also, it is impossible to specify type 1 keys in the ssh_authorized_keys provider, even though the Type reference implies that this should be possible: “type: The encryption type used. Usually ssh-dss or ssh-rsa for SSH version 2. Not used for SSH version 1.” But not specifying the type leads to errors, and looking at authorized_keys/parsed.rb it seems clear that the :match cannot handle the SSH type 1 case.

It is of course ill advised to still run ssh type 1, but such keys should at least not stop Puppet from running.

History

#1 Updated by Francois Deppierraz over 5 years ago

  • Status changed from Unreviewed to Accepted
  • Assignee set to Francois Deppierraz

Yes, it must be able to parse version 1 keys.

#2 Updated by Francois Deppierraz over 5 years ago

Fix committed in http://github.com/ctrlaltdel/puppet/tree/tickets/0.24.x/1530

#3 Updated by Francois Deppierraz over 5 years ago

  • Status changed from Accepted to Ready For Checkin

#4 Updated by James Turnbull over 5 years ago

  • Status changed from Ready For Checkin to Closed

Pushed in commit:990e8e3caadf488b5dd1d6b3bcb30df492f99647 in branch 0.24.x

Also available in: Atom PDF