Added random strings in key comments #460

Open
mcodenie opened this issue Aug 30, 2023 · 3 comments
@mcodenie

Describe the Bug

It generates random strings in the key comment section, i.e. below - luigi_ssh-rsa_[email protected]_6bbd0f3daa6a944dcf5be78dbe171d1c
cat /home/xunil/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCU6RPX1CY+WB2wU6pWU6Nkb7HTE6qaFymT31o/m1F6KUkgU9xxbTWEhqbzU1t1m5QaEJT6YYDm9UjFtP19Y6q6phkWGH+8HJtOeJ8nEezsXM0nl3erSj8Tnyhq7fc8aAm+GYdSdtq+SnRojFeAeGAGS3aE6JExYsh6wjZ0uBEEzq88nm6vgIxm00m7htUSdkHHL+Z+VMMsX4xpDLH/zCaRVesOuSO1Dd919ttLyZffrzF3P98LXa7sTS5p44I9k2YyxJ3lcBxj4cuq0OmtNGnd7bBH6gzPrIrZC7d/TsNHNyc4F7LfkiyFUxXr5khphto//XLsw/gL1rNj1tB42qxtbcouu7VbMNQTgj7QFUtQ1DKuR7bSB1s3iJ54Xo4dcLJyQna+bXtt/CghcTf/iHWfWNvCZkzh06JP5DY6HxVJQP2GueRnUxs7zlqDRlAbhW02RyypEtpnzUFdmwItiLvfkzrJtBbjao8/nJO+EVJUPB2vIJjqDbYxJMEgJI/dMks= [email protected]_6bbd0f3daa6a944dcf5be78dbe171d1c

Expected Behavior

It should have a clear SSH key without a random string, so it is easy to make a condition. If Puppet is rerun, it keeps generating a new one.
type key_fingerprint key_comment
i.e. 'ssh-rsa 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 [email protected]'

Steps to Reproduce

Steps to reproduce the behavior:

  1. In the manifest,
  lookup('users', Hash, 'hash').each | String $username, Hash $attrs | {
    accounts::user { $username:
      * => $attrs,
    }
  }
  2. In the Hiera data,
users:
  'luigi':
    sshkeys:
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCU6RPX1CY+WB2wU6pWU6Nkb7HTE6qaFymT31o/m1F6KUkgU9xxbTWEhqbzU1t1m5QaEJT6YYDm9UjFtP19Y6q6phkWGH+8HJtOeJ8nEezsXM0nl3erSj8Tnyhq7fc8aAm+GYdSdtq+SnRojFeAeGAGS3aE6JExYsh6wjZ0uBEEzq88nm6vgIxm00m7htUSdkHHL+Z+VMMsX4xpDLH/zCaRVesOuSO1Dd919ttLyZffrzF3P98LXa7sTS5p44I9k2YyxJ3lcBxj4cuq0OmtNGnd7bBH6gzPrIrZC7d/TsNHNyc4F7LfkiyFUxXr5khphto//XLsw/gL1rNj1tB42qxtbcouu7VbMNQTgj7QFUtQ1DKuR7bSB1s3iJ54Xo4dcLJyQna+bXtt/CghcTf/iHWfWNvCZkzh06JP5DY6HxVJQP2GueRnUxs7zlqDRlAbhW02RyypEtpnzUFdmwItiLvfkzrJtBbjao8/nJO+EVJUPB2vIJjqDbYxJMEgJI/dMks= [email protected]'
      - 'ssh-rsa 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 [email protected]'

Environment

puppet6-release-6.0.0-23.el8.noarch
puppet-agent-6.28.0-1.el8.x86_64
in
Red Hat Enterprise Linux release 8.7 (Ootpa)

Additional Context

Using this module version.
mod 'puppetlabs-accounts', '8.1.0'

The documentation doesn't mention that it generates a random string, or any options to get rid of those strings.

@mcodenie
Author

My initial solution on my end is similar to puppetlabs-sshkeys_core, using a format like this:

ssh_authorized_key { '[email protected]':
  ensure => present,
  user   => 'nick',
  type   => 'ssh-rsa',
  key    => 'AAAAB3Nza[...]qXfdaQ==',
}

In line 43 of manifests/manage_keys.pp, I altered the key_title to use only the 3rd entry instead of adding the md5, user and key name to the key title.
from
$key_title = "${user}_${key_type}_${key_name}"
to
$key_title = $key_def[3]

@kenyon
Contributor

kenyon commented Aug 30, 2023

It's just the md5sum of the key to ensure uniqueness. See https://puppet.atlassian.net/browse/MODULES-10867 and #340.

@mcodenie
Author

mcodenie commented Aug 30, 2023

I see, but why not just use a simpler SSH key name by just adding the md5 checksum, so it is easy to determine that it's from that particular user?

    $key_name    = "${key_def[3]}_${key_md5}"
    $key_title = $key_name

That way it is able to comply with the SSH public key format, as the comment is mostly in the format user@host...
[type-name] [base64-encoded-ssh-public-key] [comment]
i.e. ssh-rsa AAAAB3NzaC1yc2E...Q02P1Eamz/nT4I3 root@localhost

At least on that, it just added the md5 checksum after the user@host.
ssh-rsa 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 [email protected]_6bbd0f3daa6a944dcf5be78dbe171d1c
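
Added example, not part of the original thread or of the module's code: because the comment field of an `authorized_keys` entry is free text and here carries an appended 32-character md5 string, a condition on an entry is more stable when it matches the key's fingerprint instead of the comment. The key blob, the address `luigi@example.test` and the function name `parse_entry` are constructed for illustration.

```python
import base64
import hashlib
import re

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-", "sk-")
# Trailing "_<32 hex chars>", the shape of the suffix reported in this issue.
MD5_SUFFIX = re.compile(r"^(?P<base>.*)_(?P<md5>[0-9a-f]{32})$")


def parse_entry(line):
    """Split one authorized_keys line into type, fingerprint and comment."""
    fields = line.split()
    # Skip a leading options field (e.g. no-pty) by locating the key type.
    # Assumption: options contain no quoted spaces.
    idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_TYPES)), None)
    if idx is None or idx + 1 >= len(fields):
        raise ValueError("not an authorized_keys entry")
    blob = base64.b64decode(fields[idx + 1], validate=True)
    # Same form as `ssh-keygen -l`: unpadded base64 of SHA-256 over the blob.
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    comment = " ".join(fields[idx + 2:])
    match = MD5_SUFFIX.match(comment)
    return {
        "type": fields[idx],
        "fingerprint": fingerprint,
        "comment": match.group("base") if match else comment,
        "suffix": match.group("md5") if match else None,
    }


# Constructed sample blob: a length-prefixed "ssh-rsa" header plus filler bytes.
SAMPLE_KEY = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"constructed-filler").decode()
SUFFIX = "6bbd0f3daa6a944dcf5be78dbe171d1c"  # the suffix shown in the report
SAMPLE_LINES = [
    f"ssh-rsa {SAMPLE_KEY} luigi@example.test",
    f"ssh-rsa {SAMPLE_KEY} luigi@example.test_{SUFFIX}",
    f"no-pty ssh-rsa {SAMPLE_KEY} luigi@example.test_{SUFFIX}",
]

if __name__ == "__main__":
    for entry in map(parse_entry, SAMPLE_LINES):
        print(entry["fingerprint"], entry["comment"], entry["suffix"])
```

All three sample lines yield the same fingerprint and the same base comment, so a rule keyed on either is unaffected by the suffix.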
