chef-cookbooks / ssh_known_hosts

Development repository for Chef Cookbook ssh_known_hosts
https://supermarket.chef.io/cookbooks/ssh_known_hosts
Apache License 2.0

Unable to add a non rsa key #85

Closed sekrett closed 6 years ago

sekrett commented 7 years ago

Cookbook version

5.2.1

Chef-client version

12.20.3

Platform Details

Debian 9

Scenario:

There is an example in the documentation of how to add your own key: the string includes the domain name and key type, then the key. But it results in doubling the domain name, and the type is ignored completely. It is always added as RSA, but I need to add different types.

Steps to Reproduce:

ssh_known_hosts_entry 'domain' do
  key 'domain ssh-ed25519 AAAA......'
end

Expected Result:

In /etc/ssh/ssh_known_keys: domain ssh-ed25519 AAAA.....

Actual Result:

In /etc/ssh/ssh_known_keys: domain ssh-rsa domain ssh-ed25519 AAAA.....

haidangwa commented 6 years ago

@sekrett did you ever get this resolved? I ran into your issue today, but I was able to resolve it. In the resource block, I set key_type ecdsa. Before, I had this set to key_type ecdsa-sha2-nistp256 and that caused the entry in /etc/ssh/ssh_known_hosts to "double-up" like you described.

I'm not entirely sure how it worked, but this method (https://github.com/chef-cookbooks/ssh_known_hosts/blob/master/resources/entry.rb#L82-L90) clued me into changing the key_type String. That method is called here: https://github.com/chef-cookbooks/ssh_known_hosts/blob/master/resources/entry.rb#L33

sekrett commented 6 years ago

@haidangwa Nice, thanks, I will try that.

tas50 commented 6 years ago

key_type wasn't a documented property and I made sure to get that documented. You will have to specify the key type when you try to add it. Let me know if that resolves this problem or if there's more digging that needs to happen.
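A way to detect the doubled entry described in this issue, as an added example that is not part of the thread or the cookbook's code: it checks each known_hosts line by comparing the declared key type with the algorithm name embedded in the base64 key blob. The method names and the sample blob (dummy key bytes) are constructed for illustration.

```ruby
# Parse the algorithm name embedded at the start of an SSH public key blob:
# a uint32 big-endian length followed by that many bytes of name.
# Returns nil when the field is not a well-formed base64 key blob.
def embedded_key_type(b64)
  raw = b64.unpack1('m0') # strict base64; raises ArgumentError if invalid
  return nil if raw.bytesize < 4
  len = raw.unpack1('N')
  return nil if len.zero? || raw.bytesize < 4 + len
  raw.byteslice(4, len)
rescue ArgumentError
  nil
end

# Check one known_hosts line. Returns :ok, :skipped (blank or comment),
# or a String describing the problem.
def check_known_hosts_line(line)
  line = line.strip
  return :skipped if line.empty? || line.start_with?('#')
  fields = line.split(/\s+/)
  fields.shift if fields.first.start_with?('@') # @cert-authority / @revoked
  _hosts, declared, blob = fields
  return 'too few fields' if blob.nil?
  actual = embedded_key_type(blob)
  return "key field #{blob.inspect} is not a key blob" if actual.nil?
  return "declared #{declared} but blob is #{actual.inspect}" unless actual == declared
  :ok
end

# Constructed sample data: a well-formed ed25519 blob with dummy key bytes.
SAMPLE_BLOB = [[11].pack('N') + 'ssh-ed25519' + [32].pack('N') + ("\x01" * 32)].pack('m0')
SAMPLE_LINES = [
  "domain ssh-ed25519 #{SAMPLE_BLOB}",                # expected form
  "domain ssh-rsa domain ssh-ed25519 #{SAMPLE_BLOB}", # doubled form from this issue
  "domain ssh-rsa #{SAMPLE_BLOB}"                     # wrong declared type
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_LINES.each { |l| puts "#{check_known_hosts_line(l)} <- #{l[0, 45]}" }
end
```

Running the check over the managed file after a Chef converge flags any line whose third field is not a key blob, which is the shape the doubled entry takes.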