
setting up a cert-authority fails with sshkey type validation fail #438

Open
@bwitt


I'm trying to add a CA via a `@cert-authority * <key type> <key>` line in the `/etc/ssh/ssh_known_hosts` file.

There's no direct support in sshkeys-core, so I tried adding one via file_line:

  file_line { 'add ssh ca to ssh_known_hosts':
    path  => '/etc/ssh/ssh_known_hosts',
    line  => "@cert-authority * ${ssh_ca_public_key}",
    match => '^@cert-authority \* ',
  }

But when I do that, I get an error on the next puppet run:

Error: /Stage[main]/Ssh/Resources[sshkey]: Failed to generate additional resources using 'generate': Parameter type failed on Sshkey[@]: Invalid value "cert-authority@*". Valid values are ssh-dss, ssh-ed25519, ssh-rsa, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com.

Looks like there's an sshkey type that may need to be updated.

I'm using these in my Puppetfile:

mod "ghoneycutt-ssh", "5.1.1"
mod 'puppetlabs-sshkeys_core', '2.5.1'

Ref: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/6/html/deployment_guide/sec-distributing_and_trusting_ssh_ca_public_keys
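
Added example, not part of the original issue and not sshkeys_core code: a minimal Ruby parser for the `ssh_known_hosts` line layout documented in sshd(8), where an optional `@cert-authority` or `@revoked` marker precedes the hostnames field, so the key type is validated from the correct column. The function, struct and sample lines are constructed for illustration; the key type list is copied from the error message above.

```ruby
# Added example, not sshkeys_core code. Field layout per sshd(8):
#   [marker] hostnames keytype base64-key [comment]
MARKERS = %w[@cert-authority @revoked].freeze
# Key types copied from the "Valid values" list in the error message.
KEY_TYPES = %w[
  ssh-dss ssh-ed25519 ssh-rsa
  ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521
  sk-ecdsa-sha2-nistp256@openssh.com sk-ssh-ed25519@openssh.com
].freeze

KnownHost = Struct.new(:marker, :hosts, :type, :key, :comment)

# Returns a KnownHost, nil for blank/comment lines, or raises ArgumentError.
def parse_known_hosts_line(line)
  text = line.strip
  return nil if text.empty? || text.start_with?('#')

  fields = text.split(/\s+/)
  marker = nil
  if fields.first.start_with?('@')
    marker = fields.shift # consume the marker so hostnames/type line up
    raise ArgumentError, "unknown marker #{marker}" unless MARKERS.include?(marker)
  end
  hosts, type, key, *comment = fields
  raise ArgumentError, 'missing hosts, key type or key' if key.nil?
  raise ArgumentError, "invalid key type #{type}" unless KEY_TYPES.include?(type)

  # The decoded blob starts with a length-prefixed copy of the key type.
  blob = key.unpack1('m0') # strict base64; raises ArgumentError if malformed
  len = blob.unpack1('N').to_i
  raise ArgumentError, 'key blob does not match key type' unless blob[4, len] == type

  KnownHost.new(marker, hosts.split(','), type, key, comment.join(' '))
end

# Constructed sample key: a well-formed ssh-ed25519 blob with an all-zero key.
def sample_blob
  [[11, 'ssh-ed25519', 32, "\0" * 32].pack('Na*Na*')].pack('m0')
end

SAMPLE_LINES = [
  "@cert-authority * ssh-ed25519 #{sample_blob} constructed-ca",
  "host1.example.com,192.0.2.10 ssh-ed25519 #{sample_blob}",
  '# a comment'
].freeze
```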
