[BUG] states.ssh_auth.present can only manage one entry #61588

@iils-jschmidt

Description

The doc of states.ssh_auth.present suggests that a user's authorized_keys file is checked against a provided key. If the key is not found it is added. However, instead of ensuring the mentioned key is present in the file, the file's contents are replaced with the ssh-key.

If this is intended behaviour it should be mentioned in the doc, but it is presumably an error since an authorized key file with only ever one entry is not how this file is supposed to work.

Setup

  asdf_user@srv1:
    ssh_auth.present:
      - user: asdf
      - name: SOME_ED25519_KEY
      - enc: ssh-ed25519
      - comment: user@srv1
  
  asdf_user@srv2:
    ssh_auth.present:
      - user: asdf
      - name: SOME_RSA_KEY
      - enc: ssh-rsa
      - comment: user@srv2

Steps to Reproduce the behavior
Call ssh_auth.present two times with different keys.

Expected behavior
Two keys are added to the authorized keys file. Old content is not overwritten. I think that's what ssh_auth.manage is supposed to do.

Versions Report

salt --versions-report
Salt Version:
          Salt: 3004

Dependency Versions:
          cffi: 1.12.2
      cherrypy: unknown
      dateutil: 2.7.3
     docker-py: Not Installed
         gitdb: 2.0.5
     gitpython: 2.1.11
        Jinja2: 2.10
       libgit2: Not Installed
      M2Crypto: Not Installed
          Mako: Not Installed
       msgpack: 0.5.6
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     pycparser: 2.19
      pycrypto: Not Installed
  pycryptodome: 3.6.1
        pygit2: Not Installed
        Python: 3.7.3 (default, Jan 22 2021, 20:04:44)
  python-gnupg: Not Installed
        PyYAML: 3.13
         PyZMQ: 17.1.2
         smmap: 2.0.5
       timelib: Not Installed
       Tornado: 4.5.3
           ZMQ: 4.3.1

System Versions:
          dist: debian 10 buster
        locale: UTF-8
       machine: x86_64
       release: 5.9.0-0.bpo.5-amd64
        system: Linux
       version: Debian GNU/Linux 10 buster
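
An added example, not part of the original issue and not Salt's code: a minimal Python model of the two semantics contrasted in the report (append the key if missing versus replace the file), with a post-run check that lists expected keys absent from an authorized_keys file. The function names and the simplified key-type regex are assumptions; the key values are the placeholders from the Setup block.

```python
import re

# Key-type token followed by the key blob; anything before it is treated as options.
# Simplified pattern (assumption), not a full sshd authorized_keys grammar.
KEY_RE = re.compile(r"(?:^|\s)(ssh-(?:rsa|ed25519|dss)|ecdsa-sha2-\S+|sk-\S+)\s+(\S+)")

def parse_entry(line):
    """Return (enc, key) for an authorized_keys line, or None for blanks/comments."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    m = KEY_RE.search(stripped)
    return (m.group(1), m.group(2)) if m else None

def ensure_present(content, enc, key, comment=""):
    """Expected semantics: append only if (enc, key) is missing; keep every other line."""
    lines = content.splitlines()
    if any(parse_entry(l) == (enc, key) for l in lines):
        return content, False  # already present, nothing to change
    lines.append(" ".join(p for p in (enc, key, comment) if p))
    return "\n".join(lines) + "\n", True

def replace_all(content, enc, key, comment=""):
    """Behaviour described in the report: the file ends up holding only the new key."""
    return " ".join(p for p in (enc, key, comment) if p) + "\n", True

def missing_keys(content, wanted):
    """Post-run check: which wanted (enc, key) pairs are absent from the file."""
    have = {parse_entry(l) for l in content.splitlines()}
    return [w for w in wanted if w not in have]

# Placeholder values taken from the two states in the Setup block.
ED = ("ssh-ed25519", "SOME_ED25519_KEY", "user@srv1")
RSA = ("ssh-rsa", "SOME_RSA_KEY", "user@srv2")

def run(apply):
    """Apply both states in order, starting from an empty authorized_keys file."""
    content = ""
    for enc, key, comment in (ED, RSA):
        content, _ = apply(content, enc, key, comment)
    return content

if __name__ == "__main__":
    for fn in (ensure_present, replace_all):
        out = run(fn)
        print(fn.__name__, "missing:", missing_keys(out, [ED[:2], RSA[:2]]))
```

Running `missing_keys` against the real file after a state run gives a quick way to confirm whether earlier entries survived.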

Labels: bug (broken, incorrect, or confusing behavior), needs-triage