On Sat, Dec 01, 2012 at 09:58:43AM -0800, Yanis Guenane wrote:
> When I apply a sshkey resource I do obtain the /etc/ssh/ssh_known_hosts
> file, but it is not world readable.
>
> According to the ssh man page,
> > /etc/ssh/ssh_known_hosts
> > Systemwide list of known host keys. This file should be
> > prepared by the system administrator to contain the public host keys of all
> > machines in the organization. It should be world-readable. See sshd(8)
> > for further details of the format of this file.
> >
>
> Is there any specific reason why when Puppet generates it it is only user
> (root) Readable and Writable ? Security maybe ?
>

No, it is a bug http://projects.puppetlabs.com/issues/2014 that happens
when the file was not present before and the sshkey provider needs to
create it first.

You can use a file resource to actually set the correct permissions, like

    file { '/etc/ssh/ssh_known_hosts':
      ensure => file,
      owner  => 'root',
      group  => 'root',
      mode   => '0644',
    }

Now the owner/group/mode are controlled with your file resource while
the actual content is controlled by your sshkey resources.

-Stefan
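
A way to confirm the result on a host after the Puppet run, as an added example that is not part of the original message: the function names and exit codes below are assumptions made for this sketch. It checks only the mode bits (world-readable, no group or world write); ownership is left to the file resource.

```shell
#!/bin/sh
# Added example: audit the mode of a system-wide known_hosts file.
# Function names and exit codes are hypothetical, chosen for this sketch.

# Print the octal permission bits of $1 (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_known_hosts PATH
#   returns 0: world-readable and writable only by the owner (e.g. 644)
#   returns 1: not world-readable (the symptom in this thread, e.g. 600)
#   returns 2: group- or world-writable (other local users could edit host keys)
#   returns 3: file missing or mode could not be read
check_known_hosts() {
    path=$1
    if [ ! -f "$path" ]; then
        echo "$path: missing"
        return 3
    fi
    mode=$(file_mode "$path") || return 3
    perms=$((0$mode))            # leading 0 makes the shell parse it as octal

    if [ $((perms & 0022)) -ne 0 ]; then
        echo "$path: mode $mode is group/world-writable"
        return 2
    fi
    if [ $((perms & 0004)) -eq 0 ]; then
        echo "$path: mode $mode is not world-readable"
        return 1
    fi
    echo "$path: mode $mode ok"
    return 0
}

# Run against a path given on the command line, e.g.
#   sh check_known_hosts.sh /etc/ssh/ssh_known_hosts
[ "$#" -eq 0 ] || check_known_hosts "$1"
```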