Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-10828

sshkey_core: error with already existing entry in ssh host key file



    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: sshkeys_core
    • Labels:
    • Environment:
    • Template:
      MODULES Bug Template
    • Team:
      Night's Watch
    • Sprint:
      NW - 2020-10-14
    • Method Found:
      Needs Assessment
    • QA Risk Assessment:
      Needs Assessment


      Basic Info
      Module Version: 2.1.0
      Puppet Version: 6.17.0
      OS Name/Version: openSUSE Leap 15.2


      PUP-10510 / commit: 2e059d4 Seem to introduce unusual/unexpected behavior. 

      I use "https://github.com/ghoneycutt/puppet-module-ssh" to manage my ssh(d) and sshkey's. This module exports all host keys (@@sshkey{}) and collect all exported host keys (Sshkey <<||>> {}). But  since version 2.1.0 of sshkey_core this results in an error message on client side: 

      Error: Failed to apply catalog: Cannot alias Sshkey[host.domain@ssh-rsa] to ["host.domain", :"ssh-rsa"]; resource ["Sshkey", "host.domain", :"ssh-rsa"] already declared (file: ./external/ssh/manifests/init.pp, line: 1197)

      This happens only with sequential calls to puppet (agent). The first time everything goes alright, as the target file (/etc/ssh/ssh_known_hosts) is still empty. At the second run, (when the entry is already present) the run fails with above error message.

      Desired Behavior:

      It seems that ghoneycutt/ssh correctly defines the desired state of the target machine (By listing all entries needed in the ssh host key file). Therefor I expect that this module checks that this machine is already in the desired state (all requested entries are already present) and continue normal operation.

      Actual Behavior:

      This module reads all entries already present in the ssh host key file (gives them a title/identifier) and tries to append the "new" requested entries  (which have the same title/identifier as the already existing one(s), as they are the same). This conflict with the already existing title/identifier results in the error message stated above.


      After removing below 3 lines from lib/puppet/provider/sshkey/parsed.rb  the error message is gone (this is also the only difference on this file between 2.0.0 and 2.1.0).

      def title

      These lines were introduced in: PUP-10510.

      I have zero ruby knowledge, so i do not understand the impact of the removal of those 3 lines, but as 2.0.0 worked so far, I think it is quite safe as a workaround.


      include ssh (from ghoneycutt/ssh), with sshkey_core version 2.1.0, without any options/parameters and run at least two times on the same machine to reproduce.


          Issue Links



              Unassigned Unassigned
              Smarty12 Martijn Goedhart
              0 Vote for this issue
              2 Start watching this issue



                  Zendesk Support