-
Type:
Bug
-
Status: Accepted
-
Priority:
Normal
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: sshkeys_core
-
Labels:None
-
Environment:
Centos7, Puppet 4.8.2
-
Template:customfield_10700 175237
-
Acceptance Criteria:
-
Team:Night's Watch
-
QA Risk Assessment:Needs Assessment
Having the following setup:
File: /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQXXXXXXXXXXXXXXXXXXXXXXXXXXXCCnPvBi9gRCVPWHHaLtz3Df5iVDunsQ5JA5wk2YaK8AXfrvIzO+vZWj7maFEP8PIfoFPi8L3M83ELXBSVLp/FdAGf1q221kXeioOyia/HBewn857EpWBtagUwpbE1k/Lmrp7mDVJrXrPVVjdafV8VMLA84fTdastAbJEJEw8o6lemUavHedTslkUPEzOdqVbsT7dmEbYOg6cj9drxC6yOZMpR/jok8xbEmJbaa9iZTWJyHE8YWHesA2v2Afdy46oOJ8XeYSNR4CVjhF6eWjT9yMg6QhmlpmmoLfi9R9PUq1ymltP90Hi+EKYbOJUGQ== ssh-key-user
|
And the following manifest
user { 'user':
|
ensure => present,
|
home => '/home/user',
|
purge_ssh_keys => true,
|
}
|
user { 'root':
|
ensure => present,
|
home => '/root',
|
purge_ssh_keys => true,
|
}
|
ssh_authorized_key { 'ssh-key-user':
|
type => 'ssh-rsa',
|
user => 'user',
|
key => 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQXXXXXXXXXXXXXXXXXXXXXXXXXXXCCnPvBi9gRCVPWHHaLtz3Df5iVDunsQ5JA5wk2YaK8AXfrvIzO+vZWj7maFEP8PIfoFPi8L3M83ELXBSVLp/FdAGf1q221kXeioOyia/HBewn857EpWBtagUwpbE1k/Lmrp7mDVJrXrPVVjdafV8VMLA84fTdastAbJEJEw8o6lemUavHedTslkUPEzOdqVbsT7dmEbYOg6cj9drxC6yOZMpR/jok8xbEmJbaa9iZTWJyHE8YWHesA2v2Afdy46oOJ8XeYSNR4CVjhF6eWjT9yMg6QhmlpmmoLfi9R9PUq1ymltP90Hi+EKYbOJUGQ=='
|
}
|
The key in /root/.ssh/authorized_keys is not purged, altought it should be according to the catalog.
Background:
When deploying servers, we hand over the server with a ssh key of the ordering person added to the root user's ssh key file. Once the server is attached to puppet, the server is "provissioned" - meaning we add personal accounts with sudo and want to use puppet to purge all unmanaged ssh keys in the root users.
- relates to
-
-
- Needs Information
-