Re: [Puppet Users] Collecting _all_ ssh keys

2010-07-27 Thread Klaus Ethgen

Hi,

On Tue, 27 Jul 2010 at 2:54, Jeff McCune wrote:
> > However, it doesn't matter for this particular problem as it doesn't
> > work either.
> Hrm...  Could you be more specific about what's not working?  The two
> resources I posted should manage both the DSA and RSA keys on all of
> your systems.

I still wrote it. It complains about duplicate host alias (or that the
alias is still defined, I do not know exactly anymore).

> What's the error you're getting?

If you need the correct error message I have to do the test once more.

Regards
   Klaus
-- 
Klaus Ethgen    http://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen 
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] Collecting _all_ ssh keys

2010-07-26 Thread Jeff McCune
On Mon, Jul 26, 2010 at 3:38 AM, Klaus Ethgen  wrote:
>
> However, it doesn't matter for this particular problem as it doesn't
> work either.


Hrm...  Could you be more specific about what's not working?  The two
resources I posted should manage both the DSA and RSA keys on all of
your systems.

What's the error you're getting?

Cheers,
-- 
Jeff McCune
http://www.puppetlabs.com/




Re: [Puppet Users] Collecting _all_ ssh keys

2010-07-26 Thread Klaus Ethgen

Hi,

On Mon, 26 Jul 2010 at 8:13, David Schmitt wrote:
> On 7/19/2010 10:34 PM, Jeff McCune wrote:
> > host_aliases =>  "${fqdn}",
[...]
> http://docs.puppetlabs.com/guides/types/ssh/sshkey.html doesn't talk
> about host_aliases, so something's wrong here.

Well, there is definitively a little confusion. puppetdoc tells you about
host_aliases and tells you why not to use alias.

However, it doesn't matter for this particular problem as it doesn't
work either.

Regards
   Klaus
-- 
Klaus Ethgen    http://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen 
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B




Re: [Puppet Users] Collecting _all_ ssh keys

2010-07-26 Thread David Schmitt

On 7/19/2010 10:34 PM, Jeff McCune wrote:
> On Mon, Jul 19, 2010 at 7:52 AM, Klaus Ethgen  wrote:
>> Hi,
>>
>> On Sat, 12 Jun 2010 at 10:03, David Schmitt wrote:
>>> You'll need to set a properly unique title, and set the namevar explicitly:
>>>
>>> @@sshkey {
>>>    "${fqdn}dsa":
>>>    name =>  $fqdn,
>>>    ...
>>>    "${fqdn}rsa":
>>>    name =>  $fqdn,
>>>    ...
>>> }
>>
>> That idea was pretty good. But then I get the message:
>> err: Could not retrieve catalog: Puppet::Parser::AST::Resource failed with
>> error ArgumentError: Cannot alias Sshkey[xxx.yyy.chrsa] to xxx.yyy.ch; resource
>> Sshkey[xxx.yyy.ch] already exists at
>> /etc/puppet/modules/ssh/manifests/init.pp:44 on node xxx.yyy.ch
>
> The name attribute is the namevar and as such must also be unique in
> the catalog.
>
> Try this:
>
> @@sshkey {
>    "${fqdn}-dsa":
>      host_aliases =>  "${fqdn}",
>      key =>  "${sshdsakey}";
>    "${fqdn}-rsa":
>      host_aliases =>  "${fqdn}",
>      key =>  "${sshrsakey}";
> }
>
> Sshkey<<||>>
>
> This will prevent duplicate resource definitions.
>
> Hope this helps,

jeff,

http://docs.puppetlabs.com/guides/types/ssh/sshkey.html doesn't talk 
about host_aliases, so something's wrong here.


Best Regards, David
--
dasz.at OG  Tel: +43 (0)664 2602670 Web: http://dasz.at
Klosterneuburg UID: ATU64260999

   FB-Nr.: FN 309285 g  FB-Gericht: LG Korneuburg




Re: [Puppet Users] Collecting _all_ ssh keys

2010-07-20 Thread Peter Meier

>> This will prevent duplicate resource definitions.
> 
> That was my idea too. But then it complains that there is a duplicated
> alias.

too bad.

> As it seems there is no way at the moment to get both. Man has to choose
> between them. :-(

I think this should be possible in 2.6, with the combined resource
identifiers.

cheers pete




Re: [Puppet Users] Collecting _all_ ssh keys

2010-07-20 Thread Klaus Ethgen

On Mon, 19 Jul 2010 at 21:34, Jeff McCune wrote:
> The name attribute is the namevar and as such must also be unique in
> the catalog.
> 
> Try this:
> 
> @@sshkey {
>   "${fqdn}-dsa":
>     host_aliases => "${fqdn}",
>     key => "${sshdsakey}";
>   "${fqdn}-rsa":
>     host_aliases => "${fqdn}",
>     key => "${sshrsakey}";
> }
> 
> Sshkey <<||>>
> 
> This will prevent duplicate resource definitions.

That was my idea too. But then it complains that there is a duplicated
alias.

As it seems there is no way at the moment to get both. Man has to choose
between them. :-(

Regards
   Klaus
-- 
Klaus Ethgen    http://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen 
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B




Re: [Puppet Users] Collecting _all_ ssh keys

2010-07-19 Thread Jeff McCune
On Mon, Jul 19, 2010 at 7:52 AM, Klaus Ethgen  wrote:
> Hi,
>
> On Sat, 12 Jun 2010 at 10:03, David Schmitt wrote:
>> You'll need to set a properly unique title, and set the namevar explicitly:
>>
>> @@sshkey {
>>       "${fqdn}dsa":
>>               name => $fqdn,
>>               ...
>>       "${fqdn}rsa":
>>               name => $fqdn,
>>               ...
>> }
>
> That idea was pretty good. But then I get the message:
> err: Could not retrieve catalog: Puppet::Parser::AST::Resource failed with 
> error ArgumentError: Cannot alias Sshkey[xxx.yyy.chrsa] to xxx.yyy.ch; 
> resource Sshkey[xxx.yyy.ch] already exists at 
> /etc/puppet/modules/ssh/manifests/init.pp:44 on node xxx.yyy.ch

The name attribute is the namevar and as such must also be unique in
the catalog.

Try this:

@@sshkey {
  "${fqdn}-dsa":
    host_aliases => "${fqdn}",
    key => "${sshdsakey}";
  "${fqdn}-rsa":
    host_aliases => "${fqdn}",
    key => "${sshrsakey}";
}

Sshkey <<||>>

This will prevent duplicate resource definitions.

Hope this helps,
-- 
Jeff McCune
http://www.puppetlabs.com/




Re: [Puppet Users] Collecting _all_ ssh keys

2010-07-19 Thread Patrick Mohr

On Jul 19, 2010, at 7:52 AM, Klaus Ethgen wrote:

> Hi,
> 
> On Sat, 12 Jun 2010 at 10:03, David Schmitt wrote:
>> You'll need to set a properly unique title, and set the namevar explicitly:
>> 
>> @@sshkey {
>>  "${fqdn}dsa":
>>  name => $fqdn,
>>  ...
>>  "${fqdn}rsa":
>>  name => $fqdn,
>>  ...
>> }
> 
> That idea was pretty good. But then I get the message:
> err: Could not retrieve catalog: Puppet::Parser::AST::Resource failed with 
> error ArgumentError: Cannot alias Sshkey[xxx.yyy.chrsa] to xxx.yyy.ch; 
> resource Sshkey[xxx.yyy.ch] already exists at 
> /etc/puppet/modules/ssh/manifests/init.pp:44 on node xxx.yyy.ch
> 
> So, this approach is a dead end too unfortunately.
> 
> Best regards and many thanks for the idea.

In practice I think you will only need the rsa key.  Try just using rsa (and if 
that doesn't work just dsa) and see if you are able to connect without warnings.

If I remember right, ssh clients usually only use one key, and modern clients 
usually only use rsa keys.




Re: [Puppet Users] Collecting _all_ ssh keys

2010-07-19 Thread Klaus Ethgen

Hi,

On Sat, 12 Jun 2010 at 10:03, David Schmitt wrote:
> You'll need to set a properly unique title, and set the namevar explicitly:
> 
> @@sshkey {
>   "${fqdn}dsa":
>   name => $fqdn,
>   ...
>   "${fqdn}rsa":
>   name => $fqdn,
>   ...
> }

That idea was pretty good. But then I get the message:
err: Could not retrieve catalog: Puppet::Parser::AST::Resource failed with 
error ArgumentError: Cannot alias Sshkey[xxx.yyy.chrsa] to xxx.yyy.ch; resource 
Sshkey[xxx.yyy.ch] already exists at 
/etc/puppet/modules/ssh/manifests/init.pp:44 on node xxx.yyy.ch

So, this approach is a dead end too unfortunately.

Best regards and many thanks for the idea.
   Klaus
-- 
Klaus Ethgen    http://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen 
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B




Re: [Puppet Users] Collecting _all_ ssh keys

2010-06-12 Thread David Schmitt

On 09.06.2010 10:57, Klaus Ethgen wrote:
>> It seems like exactly what you want is collecting exported resources.
>> I recommend checking wiki:ExportedResource if what I am saying makes
>> no sense.
>
> Exact. And I still read that sources. With the Sshkey type there is
> still a implemented solution to collect that keys and export them to all
> hosts. But that Type only allow to export one of the two hostkeys a host
> have. And that is the source of my question.

You'll need to set a properly unique title, and set the namevar explicitly:

@@sshkey {
    "${fqdn}dsa":
        name => $fqdn,
        ...
    "${fqdn}rsa":
        name => $fqdn,
        ...
}

This should become easier once composite titles are implemented.


Best Regards, David
--
dasz.at OG  Tel: +43 (0)664 2602670 Web: http://dasz.at
Klosterneuburg UID: ATU64260999

   FB-Nr.: FN 309285 g  FB-Gericht: LG Korneuburg




Re: [Puppet Users] Collecting _all_ ssh keys

2010-06-11 Thread Joe McDonagh

On 06/09/2010 04:57 AM, Klaus Ethgen wrote:
> Exact. And I still read that sources. With the Sshkey type there is
> still a implemented solution to collect that keys and export them to all
> hosts. But that Type only allow to export one of the two hostkeys a host
> have. And that is the source of my question.

Klaus, I assume you mean both the dsa and rsa key types; the sshkey type 
provides for specifying which you want. From the docs at 
http://docs.puppetlabs.com/references/stable/type.html:



   type

The encryption type used. Probably ssh-dss or ssh-rsa. Valid values are 
|ssh-dss| (also called |dsa|), |ssh-rsa| (also called |rsa|).



--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
"When the going gets weird, the weird turn pro."




Re: [Puppet Users] Collecting _all_ ssh keys

2010-06-09 Thread Klaus Ethgen

Hi,

On Wed, 9 Jun 2010 at 3:35, Joe McDonagh wrote:
> > But that is exact the point. If I collect the information with
> > ssh-keyscan there is a little chance that the key is wrong and not the
> > one of the machine. Puppet give a nice way to collect the ssh keys of
> > all hosts it manage from facter. And it provides also a nice way to
> > spread all that collected keys to all machines known-hosts file.
> > Unfortunately the key for the key (ehem, I hope you can follow. ;-) is
> > the host name so you have to choose which one of each host you want to
> > spread to all machines.
> 
> This is one of the cases where 'tags' are really useful. You can tag
> something like tag => "for_collection" in the exported resource, then
> when you collect the exported resource, you would do Sshkey <<| tag =>
> "for_collection" |>>.

Have to test this out if that work with the existing ssh-hostkey type,
thanks for that hint.

> > Ps. Disclaimer: This mail is in British English and not in puppet
> > English. That means I use terms like "collect" in the British
> > meaning and _not_ for the puppet meaning.
> 
> Right but it serves no one including yourself to continue using a
> technical term in a technical forum when you really mean some other
> concept or principle.

Ok, I forgot to add a smile. However, it is really difficult for some
which mother tongue is not English to distinguish between the technical
term used just in one software and the correct English word. So telling
the one that "collect" is a technical term in puppet with a completely
different meaning than "collect" in English maybe, is not helpful and
more confusing.

> It seems like exactly what you want is collecting exported resources.
> I recommend checking wiki:ExportedResource if what I am saying makes
> no sense.

Exact. And I still read that sources. With the Sshkey type there is
still a implemented solution to collect that keys and export them to all
hosts. But that Type only allow to export one of the two hostkeys a host
have. And that is the source of my question.

Regards
   Klaus Ethgen
-- 
Klaus Ethgen    http://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen 
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B




Re: [Puppet Users] Collecting _all_ ssh keys

2010-06-08 Thread Joe McDonagh
On 06/08/2010 01:54 PM, Klaus Ethgen wrote:
> Hi,
> 
> On Tue, 8 Jun 2010 at 17:15, Michael Semcheski wrote:
>> I'm not sure I understand your question, but doesn't this work?
> 
>> ssh-keyscan -t dsa,rsa hostname
> 
> Sure.
> 
> But that is exact the point. If I collect the information with
> ssh-keyscan there is a little chance that the key is wrong and not the
> one of the machine. Puppet give a nice way to collect the ssh keys of
> all hosts it manage from facter. And it provides also a nice way to
> spread all that collected keys to all machines known-hosts file.
> Unfortunately the key for the key (ehem, I hope you can follow. ;-) is
> the host name so you have to choose which one of each host you want to
> spread to all machines.

This is one of the cases where 'tags' are really useful. You can tag
something like tag => "for_collection" in the exported resource, then
when you collect the exported resource, you would do Sshkey <<| tag =>
"for_collection" |>>.

> 
> Regards
>    Klaus Ethgen
> 
> Ps. Disclaimer: This mail is in British English and not in puppet
> English. That means I use terms like "collect" in the British
> meaning and _not_ for the puppet meaning.

Right but it serves no one including yourself to continue using a
technical term in a technical forum when you really mean some other
concept or principle. It seems like exactly what you want is collecting
exported resources. I recommend checking wiki:ExportedResource if what I
am saying makes no sense.

-- 
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire




Re: [Puppet Users] Collecting _all_ ssh keys

2010-06-08 Thread Klaus Ethgen

Hi,

On Tue, 8 Jun 2010 at 17:15, Michael Semcheski wrote:
> I'm not sure I understand your question, but doesn't this work?
> 
> ssh-keyscan -t dsa,rsa hostname

Sure.

But that is exact the point. If I collect the information with
ssh-keyscan there is a little chance that the key is wrong and not the
one of the machine. Puppet give a nice way to collect the ssh keys of
all hosts it manage from facter. And it provides also a nice way to
spread all that collected keys to all machines known-hosts file.
Unfortunately the key for the key (ehem, I hope you can follow. ;-) is
the host name so you have to choose which one of each host you want to
spread to all machines.

Regards
   Klaus Ethgen

Ps. Disclaimer: This mail is in British English and not in puppet
English. That means I use terms like "collect" in the British
meaning and _not_ for the puppet meaning.
-- 
Klaus Ethgen    http://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen 
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B

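
The two points made in the message above, as an added example that is not part of the original thread: host keys indexed by host name alone lose one key type, while indexing by (host, key type) keeps both, and a trusted index built from facter facts can be used to audit keys obtained by a network scan. The fact values, the example.org host names, the scan text and all function names are constructed for illustration.

```python
"""Added example: index host keys by (host, key type) and audit a key scan."""

# Fact name -> known_hosts key type (the sshkey `type` values quoted in the thread).
FACT_TO_KEYTYPE = {"sshrsakey": "ssh-rsa", "sshdsakey": "ssh-dss"}

# Constructed sample: facts reported by two managed nodes (key blobs are fake).
FACTS = {
    "web1.example.org": {"sshrsakey": "AAAAB3NzaC1yc2EWEB1RSA",
                         "sshdsakey": "AAAAB3NzaC1kc3MWEB1DSA"},
    "db1.example.org": {"sshrsakey": "AAAAB3NzaC1yc2EDB1RSA",
                        "sshdsakey": "AAAAB3NzaC1kc3MDB1DSA"},
}

# Constructed sample: known_hosts-style lines as a key scan would return them.
# db1's RSA key differs from the fact and its DSA key was not returned.
SCAN_OUTPUT = """\
# constructed scan result
web1.example.org ssh-rsa AAAAB3NzaC1yc2EWEB1RSA
web1.example.org ssh-dss AAAAB3NzaC1kc3MWEB1DSA
db1.example.org ssh-rsa AAAAB3NzaC1yc2EOTHERKEY
"""


def index_by_host_only(facts):
    """Host name as the only key: the later key type overwrites the earlier."""
    index = {}
    for host, host_facts in facts.items():
        for fact, keytype in FACT_TO_KEYTYPE.items():
            if fact in host_facts:
                index[host] = (keytype, host_facts[fact])
    return index


def trusted_index(facts):
    """(host, key type) as the key: RSA and DSA entries coexist."""
    index = {}
    for host, host_facts in facts.items():
        for fact, keytype in FACT_TO_KEYTYPE.items():
            if fact in host_facts:
                index[(host, keytype)] = host_facts[fact]
    return index


def parse_known_hosts(text):
    """Yield (host, keytype, key) for each usable known_hosts-style line."""
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):      # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3 or fields[0].startswith("|1|"):
            continue                       # malformed, or hashed host name
        hosts, keytype, key = fields[:3]
        for host in hosts.split(","):      # "name,alias" lists one key for several names
            yield host, keytype, key


def render_known_hosts(index):
    """Render the trusted index as known_hosts text, one line per key type."""
    lines = [f"{host} {keytype} {key}"
             for (host, keytype), key in sorted(index.items())]
    return "\n".join(lines) + "\n"


def check_scan(trusted, scan_text):
    """Compare scanned keys with the trusted index; report every difference."""
    findings, seen = [], set()
    for host, keytype, key in parse_known_hosts(scan_text):
        seen.add((host, keytype))
        expected = trusted.get((host, keytype))
        if expected is None:
            status = "unknown"             # no trusted key for this host and type
        elif expected == key:
            status = "match"
        else:
            status = "mismatch"            # scanned key is not the node's own key
        findings.append((host, keytype, status))
    for host, keytype in sorted(set(trusted) - seen):
        findings.append((host, keytype, "not-scanned"))
    return findings


if __name__ == "__main__":
    print(render_known_hosts(trusted_index(FACTS)), end="")
    for finding in check_scan(trusted_index(FACTS), SCAN_OUTPUT):
        print(*finding)
```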



Re: [Puppet Users] Collecting _all_ ssh keys

2010-06-08 Thread Michael Semcheski
On Sun, Jun 6, 2010 at 6:16 AM, Klaus Ethgen  wrote:
> I read and find a way (well, there seems to be several equal
> implementations) to collect the ssh keys of machines. However they all
> give only the choice to choose between the key formats.

I'm not sure I understand your question, but doesn't this work?

ssh-keyscan -t dsa,rsa hostname




Re: [Puppet Users] Collecting _all_ ssh keys

2010-06-07 Thread Joe McDonagh

On 06/06/2010 12:47 PM, Klaus Ethgen wrote:
> Sure. And they get collected by facter without problems. But I am only
> able to disperse one of them to all hosts.
>
>> regardless, you can collect like this
>>
>> Ssh_authorized_key<<| type =>  "rsa" ||>
>> Ssh_authorized_key<<| type =>  "dsa" ||>
>
> Oh, seems to be a misunderstanding. I do not mean the authorized keys I
> do mean the host keys of the machines. (The ones found in
> /etc/ssh/ssh_host_{rsa,dsa}_key.pub.)

I feel like you may be using the term 'collected' without knowing that 
it is actually a technical term within puppet. You probably want to 
check out the exported resources wiki page, since the principles are the 
same for exporting and collecting resources of any type.


--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz
IRC: joe-mac on freenode
"When the going gets weird, the weird turn pro."




Re: [Puppet Users] Collecting _all_ ssh keys

2010-06-06 Thread Klaus Ethgen

Hi,

On Sun, 6 Jun 2010 at 13:00, Joe McDonagh wrote:
> > But is there a way to collect both keys of a machine, the rsa _and_ the
> > dss key (and maybe the rsa1 too)? I didn't find a way to solve this as
> > the key is the machine name and it have to be unique.
[...]
> Klaus, do you all your machines by default actually have both DSA and
> rsa types?

Sure. And they get collected by facter without problems. But I am only
able to disperse one of them to all hosts.

> regardless, you can collect like this
> 
> Ssh_authorized_key <<| type => "rsa" ||>
> Ssh_authorized_key <<| type => "dsa" ||>

Oh, seems to be a misunderstanding. I do not mean the authorized keys I
do mean the host keys of the machines. (The ones found in
/etc/ssh/ssh_host_{rsa,dsa}_key.pub.)

Regards
   Klaus Ethgen
-- 
Klaus Ethgen    http://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen 
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B




Re: [Puppet Users] Collecting _all_ ssh keys

2010-06-06 Thread Joe McDonagh

On 06/06/2010 08:00 AM, Joe McDonagh wrote:
> On 06/06/2010 06:16 AM, Klaus Ethgen wrote:
>> Hello,
>>
>> I read and find a way (well, there seems to be several equal
>> implementations) to collect the ssh keys of machines. However they all
>> give only the choice to choose between the key formats.
>>
>> But is there a way to collect both keys of a machine, the rsa _and_ the
>> dss key (and maybe the rsa1 too)? I didn't find a way to solve this as
>> the key is the machine name and it have to be unique.
>>
>> Regards
>>    Klaus Ethgen
> Klaus, do you all your machines by default actually have both DSA and
> rsa types? regardless, you can collect like this
> 
> Ssh_authorized_key <<| type => "rsa" ||>
> Ssh_authorized_key <<| type => "dsa" ||>
Slight typo there

enclosed inside those little brackets it's <<| |>>

-- 
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire




Re: [Puppet Users] Collecting _all_ ssh keys

2010-06-06 Thread Joe McDonagh
On 06/06/2010 06:16 AM, Klaus Ethgen wrote:
> Hello,
> 
> I read and find a way (well, there seems to be several equal
> implementations) to collect the ssh keys of machines. However they all
> give only the choice to choose between the key formats.
> 
> But is there a way to collect both keys of a machine, the rsa _and_ the
> dss key (and maybe the rsa1 too)? I didn't find a way to solve this as
> the key is the machine name and it have to be unique.
> 
> Regards
>    Klaus Ethgen
Klaus, do you all your machines by default actually have both DSA and
rsa types? regardless, you can collect like this

Ssh_authorized_key <<| type => "rsa" ||>
Ssh_authorized_key <<| type => "dsa" ||>
-- 
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
