1

I am using Puppet to manage SSH keys on all my devices including a bunch of Raspberry Pi's but only the Raspberry Pi's are complaining about the ssh_authorized_key type missing.

Warning: /Stage[main]/Profile::Users/User[username]: Ssh_authorized_key type is not available. Cannot purge SSH keys.

I am using puppet and puppetserver 6.0.2 across the environment and my Raspberry Pi's are all running raspbian and are up-to-date as far as using stretch packages go.

Any idea's why the type is not available?

Laywah
  • 99
  • 7

2 Answers2

2

You need to have the puppetlabs/sshkeys_core module installed if using Puppet 6.x as the type was split out from the core (along with a few other types).

bodgit
  • 4,751
  • 16
  • 27
  • Thanks Bodgit. I have added the module to my Puppetfile and tested. this did the trick. I am still not sure why it worked on Fedora without this mod but failed to work on raspbian. I am guessing its got something to do with me installing puppet through the the `gem install puppet` command on raspbian. – Laywah Feb 24 '19 at 23:22
  • If you have Puppet < 6.x installed on Fedora then that would still ship with the `ssh_authorized_key` type so you wouldn't get a warning there. How you installed Puppet shouldn't really matter. – bodgit Feb 25 '19 at 08:44
0

"Type" is a field in the ssh_authorized_key resource. It's source is the text of the ssh key itself (~/.ssh/authorized_keys file).

From puppet documentation:

ssh_authorized_key { 'nick@magpie.example.com':
ensure => present,
user   => 'nick',
type   => 'ssh-rsa',
key    => 'AAAAB3Nza[...]qXfdaQ==',
}

Type is like ssh-rsa or ssh-dsa for example.

So your key entry should look like this: 

ssh-rsa AAAAB3Nza[...]qXfdaQ== nick@magpie.example.com

If the first part, "ssh-rsa" is missing, this could be one reason you're getting that message. If the first part is there, but it is not a supported key type for your raspberry pis' OS, this is the other reason you could get this message. Check the software doc for what you are running on your raspberry pi to see what type of keys are supported.

PatrickTaylor
  • 121
  • 4
  • Thanks for the response but this doesn't work. I have got this in my puppet file. It works on my fedora hosts. just not on raspbian. when I do a puppet run i get the following error `Warning: /Stage[main]/Profile::Users/User[username]: Ssh_authorized_key type is not available. Cannot purge SSH keys.` – Laywah Feb 23 '19 at 05:45