Ask Your Question
0

How can I distribute hostkeys for users?

asked 2013-07-10 06:04:21 -0500

JDo gravatar image

updated 2013-07-10 06:09:25 -0500

With the combination of sshkey{} and exported resources, I can distribute a hostkey in the server fleet. The results show up in the file /etc/ssh/ssh_known_hosts.

Now I want to install a clustered application, which runs as a specified user, let's call him appuser.

How can I ensure all required hostkeys for user appuser, that

  • a script running as appuser at hostA
  • can login into hostB
  • without the question to accept the new hostkey for user appuser?

I remarked, that the fileformat of /etc/ssh/ssh_known_hosts and /home/appuser/.ssh/known_hosts differs.

Any ideas without lowering the security ... (more)

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
2

answered 2013-07-12 00:01:34 -0500

Ancillas gravatar image

updated 2013-07-12 00:02:32 -0500

Are you hitting bug 2014? Check to see if your ssh_known_hosts file is world readable. If not, you can use a File resource to make it readable to the appuser user.

file { '/etc/ssh/ssh_known_hosts':
  ensure => file,
  owner  => 'root',
  group  => 'root',
  mode   => '0644',
}
edit flag offensive delete link more
0

answered 2013-07-16 06:40:12 -0500

JDo gravatar image

updated 2013-07-16 06:42:57 -0500

It works :)

  • yes, it was puppet bug 2014
  • your workaround fixed it!

Many thanks, now I can install a ready-to-run clustered application :)

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2013-07-10 06:04:21 -0500

Seen: 131 times

Last updated: Jul 16 '13