/etc/ssh/ssh_known_hosts not world readable when using sshkey resource


Yanis Guenane

Dec 1, 2012, 12:58:43 PM12/1/12
to puppet...@googlegroups.com
When I apply a sshkey resource I do obtain the /etc/ssh/ssh_known_hosts file, but it is not world readable.

According to the ssh man page,

    /etc/ssh/ssh_known_hosts
        Systemwide list of known host keys.  This file should be prepared by the system administrator to contain the public host keys of all machines in the organization.  It should be world-readable.  See sshd(8) for further details of the format of this file.

Is there any specific reason why, when Puppet generates it, it is only user (root) readable and writable? Security maybe?

Stefan Schulte

Dec 2, 2012, 6:31:45 PM12/2/12
to puppet...@googlegroups.com
No, it is a bug (http://projects.puppetlabs.com/issues/2014) that happens
when the file was not present before and the sshkey provider needs to
create it first.

You can use a file resource to actually set the correct permissions,
like

    file { '/etc/ssh/ssh_known_hosts':
      ensure => file,
      owner  => 'root',
      group  => 'root',
      mode   => '0644',
    }

Now the owner/group/mode are controlled with your file resource while
the actual content is controlled by your sshkey resources.

-Stefan
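A complete manifest along the lines Stefan describes, as an added example that is not part of the thread: the sshkey resource owns the entries, and a file resource with no content or source attribute owns only the metadata. The hostname, aliases and key value below are placeholders.

```puppet
# Added example, not from the original thread.
# Hostname, aliases and the key string are placeholders.

# No 'content' or 'source' here: this resource only enforces ownership
# and the world-readable mode that ssh(1) expects, so it does not fight
# the sshkey provider for the file's contents.
file { '/etc/ssh/ssh_known_hosts':
  ensure => file,
  owner  => 'root',
  group  => 'root',
  mode   => '0644',
}

# One entry per host; the sshkey provider writes these into the same
# file. 'key' is the bare base64 public key with no type prefix and no
# trailing comment. 'target' defaults to /etc/ssh/ssh_known_hosts and
# is set explicitly only to make the link to the file resource visible.
sshkey { 'bastion.example.com':
  ensure       => present,
  type         => 'ssh-rsa',
  key          => 'REPLACE_WITH_BASE64_PUBLIC_HOST_KEY',
  host_aliases => ['bastion', '192.0.2.10'],
  target       => '/etc/ssh/ssh_known_hosts',
}
```

After the first run the file exists with mode 0644 regardless of whether the sshkey provider or the file resource created it, so clients other than root can verify the host key instead of falling back to an interactive prompt.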

Yanis Guenane

Dec 3, 2012, 1:57:10 AM12/3/12
to puppet...@googlegroups.com
Thank you for your answer and the link to the current issue.

The solution you offered is what I am currently doing.

Thanks again,