Bug #1530
ssh_authorized_keys provider crashes on SSH type 1 keys
| Status: | Closed | Start date: | 08/25/2008 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Francois Deppierraz |
% Done: | 0% |
|
| Category: | - | |||
| Target version: | - | |||
| Affected Puppet version: | 0.24.4 | Branch: | ||
| Keywords: | ||||
| Votes: | 0 |
Description
SSH type 1 keys do not have a prefix (ssh-dss or ssh-rsa), the line starts with the keysize, exponent and modulo – all in decimal, not hex or mime-encoded. If puppet (0.24.4 from Debian Etch backports) encounters such a file, it stops:
err: //Ssh_authorized_key[jops@jaw0-dsa]: Failed to retrieve current state of resource: Could not parse line “1024 35 1272345(…)
Also, it is impossible to specify type 1 keys in the ssh_authorized_keys provider, even though the Type reference implies that this should be possible: “type: The encryption type used. Usually ssh-dss or ssh-rsa for SSH version 2. Not used for SSH version 1.” But not specifying the type leads to errors, and looking at authorized_keys/parsed.rb it seems clear that the :match cannot handle the SSH type 1 case.
It is of course ill advised to still run ssh type 1, but such keys should at least not stop Puppet from running.
History
Updated by Francois Deppierraz over 3 years ago
- Status changed from Unreviewed to Accepted
- Assignee set to Francois Deppierraz
Yes, it must be able to parse version 1 keys.
Updated by Francois Deppierraz over 3 years ago
Fix committed in http://github.com/ctrlaltdel/puppet/tree/tickets/0.24.x/1530
Updated by Francois Deppierraz over 3 years ago
- Status changed from Accepted to Ready For Checkin
Updated by James Turnbull over 3 years ago
- Status changed from Ready For Checkin to Closed
Pushed in commit:990e8e3caadf488b5dd1d6b3bcb30df492f99647 in branch 0.24.x