Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-7596

puppet ssh_authorized_key not purged as expected

    Details

    • Type: Bug
    • Status: Accepted
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: sshkeys_core
    • Labels:
      None
    • Environment:

      Centos7, Puppet 4.8.2

    • Template:
    • Acceptance Criteria:
      Hide

      Root users ssh key should ne purged, altought used by another user.

      Show
      Root users ssh key should ne purged, altought used by another user.
    • Team:
      Coremunity
    • QA Risk Assessment:
      Needs Assessment

      Description

      Having the following setup:

      File: /root/.ssh/authorized_keys

      ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQXXXXXXXXXXXXXXXXXXXXXXXXXXXCCnPvBi9gRCVPWHHaLtz3Df5iVDunsQ5JA5wk2YaK8AXfrvIzO+vZWj7maFEP8PIfoFPi8L3M83ELXBSVLp/FdAGf1q221kXeioOyia/HBewn857EpWBtagUwpbE1k/Lmrp7mDVJrXrPVVjdafV8VMLA84fTdastAbJEJEw8o6lemUavHedTslkUPEzOdqVbsT7dmEbYOg6cj9drxC6yOZMpR/jok8xbEmJbaa9iZTWJyHE8YWHesA2v2Afdy46oOJ8XeYSNR4CVjhF6eWjT9yMg6QhmlpmmoLfi9R9PUq1ymltP90Hi+EKYbOJUGQ== ssh-key-user
      

      And the following manifest

      user { 'user':
        ensure => present,
        home => '/home/user',
        purge_ssh_keys => true,
      }
      user { 'root':
        ensure => present,
        home => '/root',
        purge_ssh_keys => true,
      }
      ssh_authorized_key { 'ssh-key-user':
        type => 'ssh-rsa',
        user => 'user',
        key => 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQXXXXXXXXXXXXXXXXXXXXXXXXXXXCCnPvBi9gRCVPWHHaLtz3Df5iVDunsQ5JA5wk2YaK8AXfrvIzO+vZWj7maFEP8PIfoFPi8L3M83ELXBSVLp/FdAGf1q221kXeioOyia/HBewn857EpWBtagUwpbE1k/Lmrp7mDVJrXrPVVjdafV8VMLA84fTdastAbJEJEw8o6lemUavHedTslkUPEzOdqVbsT7dmEbYOg6cj9drxC6yOZMpR/jok8xbEmJbaa9iZTWJyHE8YWHesA2v2Afdy46oOJ8XeYSNR4CVjhF6eWjT9yMg6QhmlpmmoLfi9R9PUq1ymltP90Hi+EKYbOJUGQ=='
      }
      

      The key in /root/.ssh/authorized_keys is not purged, altought it should be according to the catalog.

      Background:
      When deploying servers, we hand over the server with a ssh key of the ordering person added to the root user's ssh key file. Once the server is attached to puppet, the server is "provissioned" - meaning we add personal accounts with sudo and want to use puppet to purge all unmanaged ssh keys in the root users.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                elconas Robert Heinzmann
              • Votes:
                1 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Zendesk Support