delfuego
commented
10 years ago So that's weird, because according to the official ssh_authorized_keys docs, the only way that non-matching existing authorized_keys entries should be purged is if the user module's purge_ssh_keys attribute is set to true. And according to the user docs, the default for this attribute is false.
As it stands an user can only have one key (the default) in ~/.ssh/authorized_keys. Otherwise it gets overwritten when puppet does whatever it does.
Not too, important, though. I mean, it even says it's "definitely not recommended" to manage the file manually, but I did it anyway. I only have myself to blame!