Thank you for your answer and the link to the current issue.

The solution you offered is what I am currently doing.

Thanks again,

On Monday, December 3, 2012 12:31:45 AM UTC+1, Stefan Schulte wrote:
>
> On Sat, Dec 01, 2012 at 09:58:43AM -0800, Yanis Guenane wrote: 
> > When I apply a sshkey resource I do obtain the /etc/ssh/ssh_known_hosts 
> > file, but it is not world readable. 
> > 
> > According to the ssh man page, 
> > 
> >  /etc/ssh/ssh_known_hosts 
> > >              Systemwide list of known host keys.  This file should be 
> > > prepared by the system administrator to contain the public host keys of all 
> > > machines in the organization.  It should be world-readable.  See sshd(8) 
> > > for further details of the format of this file. 
> > > 
> > 
> > Is there any specific reason why when Puppet generates it it is only user 
> > (root) Readable and Writable ? Security maybe ? 
> > 
>
> No it is a bug http://projects.puppetlabs.com/issues/2014 that happens 
> when the file was not present before and the sshkey provider needs to 
> create it first. 
>
> You can use a file resource to actually set the correct permissions, 
> like 
>
>     file { '/etc/ssh/ssh_known_hosts': 
>       ensure => file, 
>       owner  => 'root', 
>       group  => 'root', 
>       mode   => '0644', 
>     } 
>
> Now the owner/group/mode are controlled with your file resource while 
> the actual content is controlled by your sshkey resources. 
>
> -Stefan 
>

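A check for the symptom discussed in this thread (the file created readable by root only instead of world-readable), as an added example that is not part of the original messages. It assumes GNU coreutils `stat`; the function name `check_known_hosts` and its messages are hypothetical.

```shell
#!/bin/sh
# Added example: audit owner and mode of a system-wide known_hosts file.
# Assumes GNU coreutils stat (-c). Function name is illustrative.

# check_known_hosts FILE [UID]
# Returns 0 when FILE is a regular file owned by UID (default 0, root),
# readable by "other", and not writable by group or other.
# Returns 1 on a policy failure, 2 when the file cannot be inspected.
check_known_hosts() {
    file=$1
    want_uid=${2:-0}

    if [ ! -f "$file" ]; then
        echo "MISSING: $file is not a regular file" >&2
        return 2
    fi

    mode=$(stat -c '%a' "$file") || return 2
    uid=$(stat -c '%u' "$file") || return 2

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $file owned by uid $uid, expected $want_uid" >&2
        return 1
    fi

    # A leading 0 makes the shell read the mode as an octal constant.
    bits=$((0$mode))

    # The case from the thread: file created 0600, so ssh clients run by
    # ordinary users cannot read the system-wide host keys.
    if [ $((bits & 0004)) -eq 0 ]; then
        echo "FAIL: $file mode $mode is not world-readable" >&2
        return 1
    fi

    # Opposite mistake: anyone who can write here can add host keys.
    if [ $((bits & 0022)) -ne 0 ]; then
        echo "FAIL: $file mode $mode is group/world-writable" >&2
        return 1
    fi

    echo "OK: $file uid $uid mode $mode"
    return 0
}

# Usage on a managed host:
#   check_known_hosts /etc/ssh/ssh_known_hosts
```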