0.17: ssh_auth adds ssh-rsa key to authorized_keys even though type is set to ecdsa

[Mrten]

This is from state.show_highstate():

 sshpubkey-mailbackup-root@backup-2:
        ----------
        __env__:
            base
        __sls__:
            virtual-users
        ssh_auth:
            ----------
            - name:
                AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbm...
            ----------
            - enc:
                dsa-sha2-nistp256
            ----------
            - comment:
                root@backup-2
            ----------
            - user:
                mailbackup
[...]

It shows enc to be of type ecdsa. However, it blindly puts ssh-rsa in the authorized_keys file...

no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAA...

[Mrten]

Ahh.. copy/paste typo, I missed the 'ec' in front of the 'ecdsa'.
Can we please error out instead of resetting to a wrong default which sends you on a wild wild goose chase because ssh only logs an error that vaguely hints at this problem in DEBUG3 mode?

[basepi]

Yes, we should definitely tighten this process up, don't want to just fall back on a different key because of a typo. (Assuming I understood your problem right)

[Mrten]

The problem is that the key gets mangled, it says ssh-rsa in authorized_keys but is of course followed by an ECDSA pubkey. Which won't ever work but is entirely unobvious so will take hours to debug.

[basepi]

What, you can't tell the keys apart by sight? ;)

We'll get this fixed.

[cro]

Fixed in #7850