Bug #5561
closed"sshKeyDistribution" Technique keeps adding the same keys for ever
Description
(...the technique that keeps on giving)
I noticed that my user rule (contains adding user and adding a set of 3 ssh pubkeys) keeps getting "repaired" now.
It worked OK when I only had one key; after I extended it to add two more keys, it keeps adding the last one of them over and over again.
floh@rudderc2:~> sort -u .ssh/authorized_keys | wc -l
1
floh@rudderc2:~> wc -l .ssh/authorized_keys
129 .ssh/authorized_keys
floh@rudderc2:~> sort -u .ssh/authorized_keys | wc -l
1
Screenshot of directives attached.
Files
Updated by François ARMAND over 10 years ago
- Assignee set to Nicolas CHARLES
Nicolas, any idean on that one ?
Updated by Matthieu CERDA about 10 years ago
- Status changed from New to Pending technical review
- Assignee changed from Nicolas CHARLES to Jonathan CLARKE
- Target version set to 2.11.4
- % Done changed from 0 to 100
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/535
This bug impacts CFEngine 3.6 only, so correcting on 2.11 branch.
PR is ready ! https://github.com/Normation/rudder-techniques/pull/535
Updated by Matthieu CERDA about 10 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset commit:8eefcd964a06addb4f263741c7105b5d66422986.
Updated by Matthieu CERDA about 10 years ago
Applied in changeset commit:12faa7e9a71c3b8d4db804841d8dc2c0a36e8f9b.
Updated by Fabrice FLORE-THÉBAULT about 10 years ago
It affects also 2.10.6, see my comments in #5681
Updated by Florian Heigl about 10 years ago
Fix seems OK, using version 3.0 technique.
Server:
rudder-techniques-2.11.4.rc1.git201410170359-1.SLES.11
Agent version:
rudder-agent-2.11.3.release-1.SLES.11
Updated by Florian Heigl about 10 years ago
[Comment has been removed as the author requested it, due to confidential information.]
Updated by Florian Heigl about 10 years ago
Florian Heigl wrote:
I applied the same update (server and agents) on the second lab now, getting coredumps there!
Version seems to not matter, i had it on:
rudder-agent-2.11.2.release-1.SLES.11
and:
rudder-agent-2.11.4.rc1.git201410170359-1.SLES.11Also tried to see if it goes away if I add another key - > no.
@
$ cat coredump
2014-10-30T00:05:26+0100 verbose: /default/check_ssh_key_distribution/files/'/home/MY_USER_ID/.ssh/authorized_keys'/default/append_or_replace_ssh_key/vars: Evaluating promise 'dim_array'
2014-10-30T00:05:26+0100 verbose: /default/check_ssh_key_distribution/files/'/home/MY_USER_ID/.ssh/authorized_keys'/default/append_or_replace_ssh_key/vars: Evaluating promise 'eline'
2014-10-30T00:05:26+0100 verbose: /default/check_ssh_key_distribution/files/'/home/MY_USER_ID/.ssh/authorized_keys'/default/append_or_replace_ssh_key/vars: Evaluating promise 'ckey'
2014-10-30T00:05:26+0100 verbose: /default/check_ssh_key_distribution/files/'/home/MY_USER_ID/.ssh/authorized_keys'/default/append_or_replace_ssh_key/vars: Evaluating promise 'ekey'
2014-10-30T00:05:26+0100 verbose: /default/check_ssh_key_distribution/files/'/home/MY_USER_ID/.ssh/authorized_keys'/default/append_or_replace_ssh_key/insert_lines: Evaluating promise '${keyspec}'
2014-10-30T00:05:26+0100 verbose: /default/check_ssh_key_distribution/files/'/home/MY_USER_ID/.ssh/authorized_keys'/default/append_or_replace_ssh_key/insert_lines: Skipping next promise '${keyspec}', as ifvarclass 'REMOVED.' is not relevant
2014-10-30T00:05:26+0100 verbose: /default/check_ssh_key_distribution/files/'/home/MY_USER_ID/.ssh/authorized_keys'/default/append_or_replace_ssh_key/replace_patterns: Evaluating promise '^(?!${eline}$)(.*${ekey}.*)$'
2014-10-30T00:05:26+0100 verbose: /default/check_ssh_key_distribution/files/'/home/MY_USER_ID/.ssh/authorized_keys'/default/append_or_replace_ssh_key/replace_patterns/'^(?!ssh\-dss\ KEY REMOVED (.: KEY REMOVED )$'[0]: Comment 'Replace a key here'MORE KEY STUFF REMOVED HERE.
- buffer overflow detected ***: cf-agent terminated ======= Backtrace: =========
/lib64/libc.so.6(_fortify_fail+0x37)[0x7f64e69c6a07]
/lib64/libc.so.6(+0xef6a0)[0x7f64e69c46a0]
cf-agent[0x442e02]
cf-agent[0x443316]
cf-agent[0x4439ae]
cf-agent[0x41f9ec]
cf-agent[0x453b40]
cf-agent[0x41dc84]
cf-agent[0x40bc27]
cf-agent[0x40cacf]
cf-agent[0x431d23]
cf-agent[0x40d274]
cf-agent[0x408c53]
cf-agent[0x453b40]
cf-agent[0x408614]
cf-agent[0x40a712]
/lib64/libc.so.6(_libc_start_main+0xe6)[0x7f64e68f3c16]
cf-agent[0x4081a9] ======= Memory map: ========
00400000-004ec000 r-xp 00000000 ca:03 907658 /var/rudder/cfengine-community/bin/cf-agent
006eb000-006ec000 r--p 000eb000 ca:03 907658 /var/rudder/cfengine-community/bin/cf-agent
006ec000-006f6000 rw-p 000ec000 ca:03 907658 /var/rudder/cfengine-community/bin/cf-agent
006f6000-0142f000 rw-p 00000000 00:00 0 [heap]
7f64e5846000-7f64e585b000 r-xp 00000000 ca:03 2003141 /lib64/libgcc_s.so.1
7f64e585b000-7f64e5a5a000 ---p 00015000 ca:03 2003141 /lib64/libgcc_s.so.1
7f64e5a5a000-7f64e5a5b000 r--p 00014000 ca:03 2003141 /lib64/libgcc_s.so.1
7f64e5a5b000-7f64e5a5c000 rw-p 00015000 ca:03 2003141 /lib64/libgcc_s.so.1
7f64e5a5c000-7f64e5a63000 r-xp 00000000 ca:03 2003136 /lib64/libnss_compat-2.11.3.so
7f64e5a63000-7f64e5c62000 ---p 00007000 ca:03 2003136 /lib64/libnss_compat-2.11.3.so
7f64e5c62000-7f64e5c63000 r--p 00006000 ca:03 2003136 /lib64/libnss_compat-2.11.3.so
7f64e5c63000-7f64e5c64000 rw-p 00007000 ca:03 2003136 /lib64/libnss_compat-2.11.3.so
7f64e5c64000-7f64e5c77000 r-xp 00000000 ca:03 2003155 /lib64/libresolv-2.11.3.so
7f64e5c77000-7f64e5e77000 ---p 00013000 ca:03 2003155 /lib64/libresolv-2.11.3.so
7f64e5e77000-7f64e5e78000 r--p 00013000 ca:03 2003155 /lib64/libresolv-2.11.3.so
7f64e5e78000-7f64e5e79000 rw-p 00014000 ca:03 2003155 /lib64/libresolv-2.11.3.so
7f64e5e79000-7f64e5e7b000 rw-p 00000000 00:00 0
7f64e5e7b000-7f64e5e80000 r-xp 00000000 ca:03 2003167 /lib64/libnss_dns-2.11.3.so
7f64e5e80000-7f64e607f000 ---p 00005000 ca:03 2003167 /lib64/libnss_dns-2.11.3.so
7f64e607f000-7f64e6080000 r--p 00004000 ca:03 2003167 /lib64/libnss_dns-2.11.3.so
7f64e6080000-7f64e6081000 rw-p 00005000 ca:03 2003167 /lib64/libnss_dns-2.11.3.so
7f64e6081000-7f64e6096000 r-xp 00000000 ca:03 2003127 /lib64/libz.so.1.2.3
7f64e6096000-7f64e6295000 ---p 00015000 ca:03 2003127 /lib64/libz.so.1.2.3
7f64e6295000-7f64e6296000 r--p 00014000 ca:03 2003127 /lib64/libz.so.1.2.3
7f64e6296000-7f64e6297000 rw-p 00015000 ca:03 2003127 /lib64/libz.so.1.2.3
7f64e6297000-7f64e62a3000 r-xp 00000000 ca:03 2003220 /lib64/libnss_files-2.11.3.so
7f64e62a3000-7f64e64a2000 ---p 0000c000 ca:03 2003220 /lib64/libnss_files-2.11.3.so
7f64e64a2000-7f64e64a3000 r--p 0000b000 ca:03 2003220 /lib64/libnss_files-2.11.3.so
7f64e64a3000-7f64e64a4000 rw-p 0000c000 ca:03 2003220 /lib64/libnss_files-2.11.3.so
7f64e64a4000-7f64e64b9000 r-xp 00000000 ca:03 2003147 /lib64/libnsl-2.11.3.so
7f64e64b9000-7f64e66b8000 ---p 00015000 ca:03 2003147 /lib64/libnsl-2.11.3.so
7f64e66b8000-7f64e66b9000 r--p 00014000 ca:03 2003147 /lib64/libnsl-2.11.3.so
7f64e66b9000-7f64e66ba000 rw-p 00015000 ca:03 2003147 /lib64/libnsl-2.11.3.so
7f64e66ba000-7f64e66bc000 rw-p 00000000 00:00 0
7f64e66bc000-7f64e66d3000 r-xp 00000000 ca:03 2003251 /lib64/libaudit.so.0.0.0
7f64e66d3000-7f64e68d3000 ---p 00017000 ca:03 2003251 /lib64/libaudit.so.0.0.0
7f64e68d3000-7f64e68d4000 r--p 00017000 ca:03 2003251 /lib64/libaudit.so.0.0.0
7f64e68d4000-7f64e68d5000 rw-p 00018000 ca:03 2003251 /lib64/libaudit.so.0.0.0
7f64e68d5000-7f64e6a44000 r-xp 00000000 ca:03 2003135 /lib64/libc-2.11.3.so
7f64e6a44000-7f64e6c43000 ---p 0016f000 ca:03 2003135 /lib64/libc-2.11.3.so
7f64e6c43000-7f64e6c47000 r--p 0016e000 ca:03 2003135 /lib64/libc-2.11.3.so
7f64e6c47000-7f64e6c48000 rw-p 00172000 ca:03 2003135 /lib64/libc-2.11.3.so
7f64e6c48000-7f64e6c4d000 rw-p 00000000 00:00 0
7f64e6c4d000-7f64e6c64000 r-xp 00000000 ca:03 2003142 /lib64/libpthread-2.11.3.so
7f64e6c64000-7f64e6e64000 ---p 00017000 ca:03 2003142 /lib64/libpthread-2.11.3.so
7f64e6e64000-7f64e6e65000 r--p 00017000 ca:03 2003142 /lib64/libpthread-2.11.3.so
7f64e6e65000-7f64e6e66000 rw-p 00018000 ca:03 2003142 /lib64/libpthread-2.11.3.so
7f64e6e66000-7f64e6e6a000 rw-p 00000000 00:00 0
7f64e6e6a000-7f64e6e6c000 r-xp 00000000 ca:03 2003322 /lib64/libdl-2.11.3.so
7f64e6e6c000-7f64e706c000 ---p 00002000 ca:03 2003322 /lib64/libdl-2.11.3.so
7f64e706c000-7f64e706d000 r--p 00002000 ca:03 2003322 /lib64/libdl-2.11.3.so
7f64e706d000-7f64e706e000 rw-p 00003000 ca:03 2003322 /lib64/libdl-2.11.3.so
7f64e706e000-7f64e71e1000 r-xp 00000000 ca:03 1947235 /usr/lib64/libcrypto.so.0.9.8
7f64e71e1000-7f64e73e0000 ---p 00173000 ca:03 1947235 /usr/lib64/libcrypto.so.0.9.8
7f64e73e0000-7f64e73f0000 r--p 00172000 ca:03 1947235 /usr/lib64/libcrypto.so.0.9.8
7f64e73f0000-7f64e7409000 rw-p 00182000 ca:03 1947235 /usr/lib64/libcrypto.so.0.9.8
7f64e7409000-7f64e740d000 rw-p 00000000 00:00 0
7f64e740d000-7f64e745c000 r-xp 00000000 ca:03 1947236 /usr/lib64/libssl.so.0.9.8
7f64e745c000-7f64e765b000 ---p 0004f000 ca:03 1947236 /usr/lib64/libssl.so.0.9.8
7f64e765b000-7f64e765d000 r--p 0004e000 ca:03 1947236 /usr/lib64/libssl.so.0.9.8
7f64e765d000-7f64e7663000 rw-p 00050000 ca:03 1947236 /usr/lib64/libssl.so.0.9.8
7f64e7663000-7f64e7692000 r-xp 00000000 ca:03 1946950 /usr/lib64/libpcre.so.0.0.1
7f64e7692000-7f64e7891000 ---p 0002f000 ca:03 1946950 /usr/lib64/libpcre.so.0.0.1
7f64e7891000-7f64e7892000 r--p 0002e000 ca:03 1946950 /usr/lib64/libpcre.so.0.0.1
7f64e7892000-7f64e7893000 rw-p 0002f000 ca:03 1946950 /usr/lib64/libpcre.so.0.0.1
7f64e7893000-7f64e78a4000 r-xp 00000000 ca:03 2469789 /opt/rudder/lib/liblmdb.so
7f64e78a4000-7f64e7aa3000 ---p 00011000 ca:03 2469789 /opt/rudder/lib/liblmdb.so
7f64e7aa3000-7f64e7aa4000 r--p 00010000 ca:03 2469789 /opt/rudder/lib/liblmdb.so
7f64e7aa4000-7f64e7aa5000 rw-p 00011000 ca:03 2469789 /opt/rudder/lib/liblmdb.so
7f64e7aa5000-7f64e7b00000 r-xp 00000000 ca:03 2003222 /lib64/libm-2.11.3.so
7f64e7b00000-7f64e7cff000 ---p 0005b000 ca:03 2003222 /lib64/libm-2.11.3.so
7f64e7cff000-7f64e7d00000 r--p 0005a000 ca:03 2003222 /lib64/libm-2.11.3.so
7f64e7d00000-7f64e7d1e000 rw-p 0005b000 ca:03 2003222 /lib64/libm-2.11.3.so
7f64e7d1e000-7f64e7d26000 r-xp 00000000 ca:03 2003129 /lib64/librt-2.11.3.so
7f64e7d26000-7f64e7f25000 ---p 00008000 ca:03 2003129 /lib64/librt-2.11.3.so
7f64e7f25000-7f64e7f26000 r--p 00007000 ca:03 2003129 /lib64/librt-2.11.3.so
7f64e7f26000-7f64e7f27000 rw-p 00008000 ca:03 2003129 /lib64/librt-2.11.3.so
7f64e7f27000-7f64e7f31000 r-xp 00000000 ca:03 2003335 /lib64/libnss_nis-2.11.3.so
7f64e7f31000-7f64e8130000 ---p 0000a000 ca:03 2003335 /lib64/libnss_nis-2.11.3.so
7f64e8130000-7f64e8131000 r--p 00009000 ca:03 2003335 /lib64/libnss_nis-2.11.3.so
7f64e8131000-7f64e8132000 rw-p 0000a000 ca:03 2003335 /lib64/libnss_nis-2.11.3.so
7f64e8132000-7f64e813f000 r-xp 00000000 ca:03 2003413 /lib64/libpam.so.0.83.1
7f64e813f000-7f64e833e000 ---p 0000d000 ca:03 2003413 /lib64/libpam.so.0.83.1
7f64e833e000-7f64e833f000 r--p 0000c000 ca:03 2003413 /lib64/libpam.so.0.83.1
7f64e833f000-7f64e8340000 rw-p 0000d000 ca:03 2003413 /lib64/libpam.so.0.83.1
7f64e8340000-7f64e835f000 r-xp 00000000 ca:03 2003509 /lib64/ld-2.11.3.so
7f64e8549000-7f64e8552000 rw-p 00000000 00:00 0
7f64e855c000-7f64e855e000 rw-p 00000000 00:00 0
7f64e855e000-7f64e855f000 r--p 0001e000 ca:03 2003509 /lib64/ld-2.11.3.so
7f64e855f000-7f64e8560000 rw-p 0001f000 ca:03 2003509 /lib64/ld-2.11.3.so
7f64e8560000-7f64e8561000 rw-p 00000000 00:00 0
7fffe6845000-7fffe68a3000 rw-p 00000000 00:00 0 [stack]
7fffe69ce000-7fffe69cf000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Aborted (core dumped)
@
Updated by Florian Heigl about 10 years ago
replacing the existing key with random text made it not dump core.
number of lines also didn't matter.
Content is now like this:
just a test.
just a test.
and another line of testing.
just a test.
and another line of testing.
(source content is
just a test.
and another line of testing.
maybe this only happening because I'm testing with random text now. Coredump is with proper key anyway. :/
No idea.
Updated by Florian Heigl about 10 years ago
This is apparently triggered by the length of the key.
wc -c .ssh/id_rsa.pub
737 .ssh/id_rsa.pub -> is OK
wc -c .ssh/id_dsa.pub
605 .ssh/id_dsa.pub -> is OK
wc -c .ssh/id_dsa.pub
1119 .ssh/id_dsa.pub -> coredump
seriously? :)
Updated by Nicolas CHARLES about 10 years ago
ok, i'm able to reproduce the issue; it's the class definition that fails.
The ticket for the Segfault issue is http://www.rudder-project.org/redmine/issues/5681
Updated by Vincent MEMBRÉ about 10 years ago
- Subject changed from Remote Access SSH keeps adding same keys to "sshKeyDistribution" Technique keeps adding the same keys
Updated by Vincent MEMBRÉ about 10 years ago
- Subject changed from "sshKeyDistribution" Technique keeps adding the same keys to "sshKeyDistribution" Technique keeps adding the same keys for ever
Updated by Vincent MEMBRÉ about 10 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 2.11.4, which was released today.
- Announcement
- Changelog
- Download information: https://www.rudder-project.org/site/get-rudder/downloads/
Updated by Benoît PECCATTE almost 10 years ago
- Project changed from 24 to Rudder
- Category changed from Techniques to Techniques