“rudder agent history” doesn't tell much.
Most of the times the agent runs with “Compliant” for SSH keys, but every so often :
It shows 2 repairs for “sshKeyDistribution” where it seems to have modified the files contents (where it shouldn't as nothing has changed) then the 2 following errors :
E| error sshKeyDistribution Flush SSH file michel michel RSA The keys for user michel could not be flushed
E| error sshKeyDistribution Flush SSH file root michel RSA The keys for user root could not be flushed
The relevant parts of cfengine-community/outputs/cf_vpn1__1747286851_Thu_May_15_07_27_31_2025_0 (on considered node) seems to be :
Close to the beginning :
rudder info: Deleted the promised line 1 'ssh-rsa <some_SSH_public_key>' from /var/rudder/tmp/check_ssh_key_distribution//michel.authorized_keys.tmp
rudder info: delete_lines promise '.*' repaired
rudder info: Moved '/var/rudder/tmp/check_ssh_key_distribution//michel.authorized_keys.tmp.cf-before-edit' to repository location '/var/rudder/modified-files/_var_rudder_tmp_check_ssh_key_distribution__michel_authorized_keys_tmp_cf_before_edit'
rudder info: Edited file '/var/rudder/tmp/check_ssh_key_distribution//michel.authorized_keys.tmp'
rudder info: Deleted the promised line 1 'ssh-rsa <some_SSH_public_key>' from /var/rudder/tmp/check_ssh_key_distribution//root.authorized_keys.tmp
rudder info: delete_lines promise '.*' repaired
rudder info: Moved '/var/rudder/tmp/check_ssh_key_distribution//root.authorized_keys.tmp.cf-before-edit' to repository location '/var/rudder/modified-files/_var_rudder_tmp_check_ssh_key_distribution__root_authorized_keys_tmp_cf_before_edit'
rudder info: Edited file '/var/rudder/tmp/check_ssh_key_distribution//root.authorized_keys.tmp'
Then :
rudder info: insert_lines promise 'ssh-rsa <some_SSH_public_key>' repaired
rudder info: Moved '/home/michel/.ssh/authorized_keys.cf-before-edit' to repository location '/var/rudder/modified-files/_home_michel__ssh_authorized_keys_cf_before_edit'
rudder info: Edited file '/home/michel/.ssh/authorized_keys'
rudder info: Inserted the promised line 'ssh-rsa <some_SSH_public_key>' into '/root/.ssh/authorized_keys' after locator
rudder info: insert_lines promise 'ssh-rsa <some_SSH_public_key>' repaired
rudder info: Moved '/root/.ssh/authorized_keys.cf-before-edit' to repository location '/var/rudder/modified-files/_root__ssh_authorized_keys_cf_before_edit'
rudder info: Edited file '/root/.ssh/authorized_keys'
error: File '/var/rudder/tmp/check_ssh_key_distribution//michel.authorized_keys.tmp' was marked for editing but could not be opened
error: Errors encountered when actuating files promise '/var/rudder/tmp/check_ssh_key_distribution//michel.authorized_keys.tmp'
error: File '/var/rudder/tmp/check_ssh_key_distribution//root.authorized_keys.tmp' was marked for editing but could not be opened
error: Errors encountered when actuating files promise '/var/rudder/tmp/check_ssh_key_distribution//root.authorized_keys.tmp'
R: @@sshKeyDistribution@@result_repaired@@0caa2ab2-67a0-441e-80b5-be02e602b678@@2df3bf3a-d2d5-4c3d-97df-d8df68d2bcf2@@0@@SSH key@@michel michel RSA@@2025-05-15 05:27:33+00:00##ddb6665c-35d4-48c4-af44-f7d9cc0a6f29@#SSH key "michel michel RSA" for user michel was repaired
R: @@sshKeyDistribution@@result_repaired@@0caa2ab2-67a0-441e-80b5-be02e602b678@@2df3bf3a-d2d5-4c3d-97df-d8df68d2bcf2@@0@@SSH key@@root michel RSA@@2025-05-15 05:27:33+00:00##ddb6665c-35d4-48c4-af44-f7d9cc0a6f29@#SSH key "root michel RSA" for user root was repaired
Then close to the end:
error: Can't stat file '/var/rudder/tmp/check_ssh_key_distribution//michel.authorized_keys.tmp' on 'localhost' in files.copy_from promise, it may be missing or access may not be authorized
error: Errors encountered when actuating files promise '/home/michel/.ssh/authorized_keys'
error: Can't stat file '/var/rudder/tmp/check_ssh_key_distribution//root.authorized_keys.tmp' on 'localhost' in files.copy_from promise, it may be missing or access may not be authorized
error: Errors encountered when actuating files promise '/root/.ssh/authorized_keys'
R: @@sshKeyDistribution@@result_error@@0caa2ab2-67a0-441e-80b5-be02e602b678@@2df3bf3a-d2d5-4c3d-97df-d8df68d2bcf2@@0@@Flush SSH file@@michel michel RSA@@2025-05-15 05:27:33+00:00##ddb6665c-35d4-48c4-af44-f7d9cc0a6f29@#The keys for user michel could not be flushed
R: @@sshKeyDistribution@@result_error@@0caa2ab2-67a0-441e-80b5-be02e602b678@@2df3bf3a-d2d5-4c3d-97df-d8df68d2bcf2@@0@@Flush SSH file@@root michel RSA@@2025-05-15 05:27:33+00:00##ddb6665c-35d4-48c4-af44-f7d9cc0a6f29@#The keys for user root could not be flushed
Updated by 
Updated by 
Updated by 
