The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

This issue tracker is now in read-only archive mode and automatic ticket export has been disabled. Redmine users will need to create a new JIRA account to file tickets using https://tickets.puppetlabs.com. See the following page for information on filing tickets with JIRA:

Bug #4145

sshkey resource created /etc/ssh/ssh_known_hosts mode 0600

Added by Alan Barrett almost 6 years ago. Updated almost 2 years ago.

Status: Accepted
Start date: 07/06/2010
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: ssh
Target version: -
Affected Puppet version: 0.25.5
Branch:
Keywords:

This ticket is now tracked at: https://tickets.puppetlabs.com/browse/PUP-2900


Description

I used an sshkey resource like this:

sshkey { "host.domain.example":
    ensure => present,
    type => "ssh-rsa",
    key => "AAAblahblahblah==",
}

and puppet created the /etc/ssh/ssh_known_hosts file with sensible contents, but with mode 0600.

This file is supposed to be world readable. Of course I can use a file resource to fix it, but I’d prefer it if puppet created it with a sensible mode.
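An added example, not part of the original ticket or of Puppet's code: a Python check for the condition reported above, where /etc/ssh/ssh_known_hosts exists but is not world-readable. The function names are hypothetical, and the check for group or world write bits goes beyond the ticket; it is an assumption about what a sensible mode for this file excludes.

```python
import os
import stat

GLOBAL_KNOWN_HOSTS = "/etc/ssh/ssh_known_hosts"  # path from the ticket
WANTED_MODE = 0o644  # world-readable, writable by the owner only


def audit_known_hosts(path=GLOBAL_KNOWN_HOSTS):
    """Return a list of findings about the file's type and permission bits."""
    try:
        st = os.lstat(path)  # lstat: report a symlink instead of following it
    except FileNotFoundError:
        return ["missing"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if not mode & stat.S_IROTH:
        # The condition reported in this ticket: other users cannot read
        # the host keys, so they cannot use the global file.
        findings.append("not world-readable (mode %04o)" % mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        # Assumption beyond the ticket: non-owners who can write the file
        # could add host keys that every user on the machine then trusts.
        findings.append("writable by group or others (mode %04o)" % mode)
    return findings


def repair_mode(path=GLOBAL_KNOWN_HOSTS):
    """Set the file to 0644 if the audit reports a permission finding."""
    if any("mode" in finding for finding in audit_known_hosts(path)):
        os.chmod(path, WANTED_MODE)
        return True
    return False


if __name__ == "__main__":
    for finding in audit_known_hosts():
        print(GLOBAL_KNOWN_HOSTS + ": " + finding)
```
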


Related issues

Duplicated by Puppet - Bug #21811: Wrong permissions for /etc/ssh/ssh_known_hosts (Duplicate)

History

#1 Updated by James Turnbull almost 6 years ago

  • Category set to ssh
  • Status changed from Unreviewed to Accepted
  • Target version set to 49

#2 Updated by Peter Meier almost 6 years ago

Isn’t that similar to #3299 and if we don’t fix it there, why do we fix it here?

#3 Updated by James Turnbull almost 6 years ago

Peter – the difference for me is “nice to have” versus broken and I admit it’s a fine line. The sshkey generates files that aren’t functional and SHOULD be set to 06xx permissions instead. The nagios types could be owned and permissioned differently on a variety of different platforms.

#4 Updated by Peter Meier almost 6 years ago

> Peter – the difference for me is “nice to have” versus broken and I admit it’s a fine line. The sshkey generates files that aren’t functional and SHOULD be set to 06xx permissions instead. The nagios types could be owned and permissioned differently on a variety of different platforms.

Right, I agree with “nice to have” vs. broken. But imho nagios is, without that “nice to have”, broken on all default installations I know, as nagios runs there as its own user, but, yeah, a different user. But that doesn’t belong to this bug report anymore.

#5 Updated by James Turnbull over 5 years ago

  • Target version deleted (49)

#6 Updated by Matthew Barr almost 3 years ago

Any update to this? The whole point of the global known hosts file is so that other users can use it, which means that it should be 644.

#7 Updated by john bond almost 2 years ago

Redmine Issue #4145 has been migrated to JIRA:

https://tickets.puppetlabs.com/browse/PUP-2900
