Affects Version/s: PUP 3.7.0
Fix Version/s: PUP 3.7.2
Component/s: Types and Providers
Puppet 3.7.0+, Ubuntu 14.04 / Debian 7
Sprint:Platform 2014-10-15, Platform Client 2014-10-29
Steps to reproduce:
- Enter multple SSH authorized keys for a user without comments (just a key line by line, see example below).
- Manage the user with Puppet with the purge_ssh_keys parameter set to true.
- Have Puppet agent 3.7.0+
- Puppet agent run fails completely with an error. (full denial of service of the agent effectively)
Expected behaviour: Purging all other SSH keys, with or without comments and a successful Puppet agent run.
Note: Because of an unprivileged user being able to block Puppet agent runs I consider this more than just a corner case.
Since 3.7.0 (not with 3.6.2), I'm getting an unexpected error on the Puppet agent runs managing the user's SSH authorized keys with purge_ssh_keys enabled. Some users enter multiple keys without comments in the files, e.g.:
This results in the following error in 3.7.0+:
With the agent downgraded to 3.6.2, it runs, but it does not remove the existing keys properly.
Back on 3.7.1, it works fine again after editing the user's authorized_keys file and add some comments: