The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

This issue tracker is now in read-only archive mode and automatic ticket export has been disabled. Redmine users will need to create a new JIRA account to file tickets using https://tickets.puppetlabs.com. See the following page for information on filing tickets with JIRA:

Bug #18253

$ecdsakey fact does not represent specific key type

Added by Michael Henry over 3 years ago. Updated over 3 years ago.

Status:Needs More InformationStart date:
Priority:NormalDue date:
Assignee:Michael Henry% Done:

0%

Category:-
Target version:-
Keywords:ssh
ecdsa
ecdsakey
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
Affected Facter version:
Branch:

We've Moved!

Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com


Description

There are 5 types of SSH keys: rsa, dsa, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, and ecdsa-sha2-nistp521

So puppet already accounts for the three different ecdsa keytypes, but puts them into one fact $ecdsakey

So when doing something like this:

@@sshkey { “${::fqdn}_ecdsa”:

            host_aliases => $host_aliases,
            type => ecdsa-sha2-nistp256,
            key => $::sshecdsakey,
    }

It puts the wrong keytype in known_hosts if the key is 384 or 512 bits.

Suggest adding a fact for $ecdsatype or similar when the key is detected.

(RSA and DSA keys can be various sizes and they will always be RSA and DSA… but if you change the size of the ecdsa key size it changes they keytype. Don’t ask me why.)

History

#1 Updated by eric sorenson over 3 years ago

  • Project changed from Puppet to Facter
  • Category deleted (ssh)
  • Status changed from Unreviewed to Accepted

This is actually a Facter bug, so I’m moving it over to that project. Your proposal seems reasonable, do you feel comfortable coding up a fix for it?

#2 Updated by eric sorenson over 3 years ago

  • Status changed from Accepted to Needs More Information
  • Assignee set to Michael Henry

I’ve put this ticket’s status into “Needs more Information” and assigned it to you. Please either (a) update it with the information I’ve requested and re-assign it to me if you need more help, or (b) change the status to “Closed” if you were able to resolve the issue on your own.

Also available in: Atom PDF