Bug #5561

closed

"sshKeyDistribution" Technique keeps adding the same keys for ever

Added by Florian Heigl over 10 years ago. Updated almost 10 years ago.

Status: Released
Priority: 2
Assignee: Jonathan CLARKE
Category: Techniques

Description

(...the technique that keeps on giving)

I noticed that my user rule (contains adding user and adding a set of 3 ssh pubkeys) keeps getting "repaired" now.
It worked OK when I only had one key; after I extended it to add two more keys, it keeps adding the last one of them over and over again.

floh@rudderc2:~> sort -u .ssh/authorized_keys | wc -l
1
floh@rudderc2:~> wc -l .ssh/authorized_keys
129 .ssh/authorized_keys
floh@rudderc2:~> sort -u .ssh/authorized_keys | wc -l
1

Screenshot of directives attached.


Related issues: 2 (0 open, 2 closed)

Related to Rudder - Bug #5681: Technique "SSH keys distribution" 2.0 - adding large number of keys breaks the policy generation (Released, Jonathan CLARKE, 2014-10-22)
Related to Rudder - Bug #5930: sshKeyDistribution creates 0 byte authorized_keys file (Released, Benoît PECCATTE, 2014-12-05)

Actions #1

Updated by François ARMAND over 10 years ago

  • Assignee set to Nicolas CHARLES

Nicolas, any idea on that one?

Actions #2

Updated by Matthieu CERDA about 10 years ago

  • Status changed from New to Pending technical review
  • Assignee changed from Nicolas CHARLES to Jonathan CLARKE
  • Target version set to 2.11.4
  • % Done changed from 0 to 100
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/535

This bug impacts CFEngine 3.6 only, so correcting on 2.11 branch.

PR is ready! https://github.com/Normation/rudder-techniques/pull/535

Actions #3

Updated by Matthieu CERDA about 10 years ago

  • Status changed from Pending technical review to Pending release

Applied in changeset commit:8eefcd964a06addb4f263741c7105b5d66422986.

Actions #4

Updated by Matthieu CERDA about 10 years ago

Applied in changeset commit:12faa7e9a71c3b8d4db804841d8dc2c0a36e8f9b.

Actions #5

Updated by Fabrice FLORE-THÉBAULT about 10 years ago

It also affects 2.10.6; see my comments in #5681

Actions #6

Updated by Florian Heigl about 10 years ago

Fix seems OK, using version 3.0 technique.

Server:
rudder-techniques-2.11.4.rc1.git201410170359-1.SLES.11

Agent version:
rudder-agent-2.11.3.release-1.SLES.11

Actions #7

Updated by Florian Heigl about 10 years ago

[Comment has been removed as the author requested it, due to confidential information.]

Actions #8

Updated by Florian Heigl about 10 years ago

Florian Heigl wrote:

I applied the same update (server and agents) on the second lab now, getting coredumps there!

Version seems to not matter, I had it on:
rudder-agent-2.11.2.release-1.SLES.11
and:
rudder-agent-2.11.4.rc1.git201410170359-1.SLES.11

Also tried to see if it goes away if I add another key -> no.

$ cat coredump
2014-10-30T00:05:26+0100 verbose: /default/check_ssh_key_distribution/files/'/home/MY_USER_ID/.ssh/authorized_keys'/default/append_or_replace_ssh_key/vars: Evaluating promise 'dim_array'
2014-10-30T00:05:26+0100 verbose: /default/check_ssh_key_distribution/files/'/home/MY_USER_ID/.ssh/authorized_keys'/default/append_or_replace_ssh_key/vars: Evaluating promise 'eline'
2014-10-30T00:05:26+0100 verbose: /default/check_ssh_key_distribution/files/'/home/MY_USER_ID/.ssh/authorized_keys'/default/append_or_replace_ssh_key/vars: Evaluating promise 'ckey'
2014-10-30T00:05:26+0100 verbose: /default/check_ssh_key_distribution/files/'/home/MY_USER_ID/.ssh/authorized_keys'/default/append_or_replace_ssh_key/vars: Evaluating promise 'ekey'
2014-10-30T00:05:26+0100 verbose: /default/check_ssh_key_distribution/files/'/home/MY_USER_ID/.ssh/authorized_keys'/default/append_or_replace_ssh_key/insert_lines: Evaluating promise '${keyspec}'
2014-10-30T00:05:26+0100 verbose: /default/check_ssh_key_distribution/files/'/home/MY_USER_ID/.ssh/authorized_keys'/default/append_or_replace_ssh_key/insert_lines: Skipping next promise '${keyspec}', as ifvarclass 'REMOVED.' is not relevant
2014-10-30T00:05:26+0100 verbose: /default/check_ssh_key_distribution/files/'/home/MY_USER_ID/.ssh/authorized_keys'/default/append_or_replace_ssh_key/replace_patterns: Evaluating promise '^(?!${eline}$)(.*${ekey}.*)$'
2014-10-30T00:05:26+0100 verbose: /default/check_ssh_key_distribution/files/'/home/MY_USER_ID/.ssh/authorized_keys'/default/append_or_replace_ssh_key/replace_patterns/'^(?!ssh\-dss\ KEY REMOVED (.: KEY REMOVED )$'[0]: Comment 'Replace a key here'

MORE KEY STUFF REMOVED HERE.

*** buffer overflow detected ***: cf-agent terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f64e69c6a07]
/lib64/libc.so.6(+0xef6a0)[0x7f64e69c46a0]
cf-agent[0x442e02]
cf-agent[0x443316]
cf-agent[0x4439ae]
cf-agent[0x41f9ec]
cf-agent[0x453b40]
cf-agent[0x41dc84]
cf-agent[0x40bc27]
cf-agent[0x40cacf]
cf-agent[0x431d23]
cf-agent[0x40d274]
cf-agent[0x408c53]
cf-agent[0x453b40]
cf-agent[0x408614]
cf-agent[0x40a712]
/lib64/libc.so.6(__libc_start_main+0xe6)[0x7f64e68f3c16]
cf-agent[0x4081a9]
======= Memory map: ========
Aborted (core dumped)

Actions #9

Updated by Florian Heigl about 10 years ago

Replacing the existing key with random text made it not dump core.
Number of lines also didn't matter.

Content is now like this:

just a test.
just a test.
and another line of testing.
just a test.
and another line of testing.

Source content is:

just a test.
and another line of testing.

Maybe this is only happening because I'm testing with random text now. Coredump is with proper key anyway. :/
No idea.

Actions #10

Updated by Florian Heigl about 10 years ago

This is apparently triggered by the length of the key.

wc -c .ssh/id_rsa.pub
737 .ssh/id_rsa.pub -> is OK

wc -c .ssh/id_dsa.pub
605 .ssh/id_dsa.pub -> is OK

wc -c .ssh/id_dsa.pub
1119 .ssh/id_dsa.pub -> coredump

seriously? :)
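
An added illustration, not Rudder's technique code and not part of the ticket: a Python sketch of the converged state that the `insert_lines` and `replace_patterns` promises in the log above aim at (exactly one line per key, re-runs change nothing). It matches key material as a literal token, so no pattern is built from the key. The function names and the sample keys are constructed for this example.

```python
def key_blob(keyspec):
    """Return the base64 key material: the field right after the key type."""
    fields = keyspec.split()
    for i, field in enumerate(fields):
        if field.startswith(("ssh-", "ecdsa-")) and i + 1 < len(fields):
            return fields[i + 1]
    raise ValueError("no public key found in %r" % keyspec[:40])


def converge(lines, keyspec):
    """Return (new_lines, changed) with exactly one line for this key.

    A line carrying the same key material but different options or comment
    is replaced in place; further copies are dropped; a missing key is
    appended. Lines for other keys are left untouched.
    """
    blob = key_blob(keyspec)
    out, seen = [], False
    for line in lines:
        if blob in line.split():      # literal token match, no regex
            if seen:
                continue              # duplicate of a key already kept
            line, seen = keyspec, True
        out.append(line)
    if not seen:
        out.append(keyspec)
    return out, out != lines


# Constructed sample keys (not real key material).
OTHER_KEY = "ssh-rsa AAAAB3NzaC1yc2E" + "B" * 40 + " other@example"
LONG_BLOB = "AAAAB3NzaC1kc3M" + "A" * 1090   # > 1100 bytes, like the long DSA key
LONG_KEY = "ssh-dss " + LONG_BLOB + " user@example"


def demo():
    """Replay the report: 129 copies of one key, then a second agent run."""
    first, changed_first = converge([OTHER_KEY] + [LONG_KEY] * 129, LONG_KEY)
    second, changed_second = converge(first, LONG_KEY)
    return first, changed_first, second, changed_second


if __name__ == "__main__":
    first, c1, second, c2 = demo()
    print(len(first), c1, len(second), c2)
```

The same invariant is what `sort -u .ssh/authorized_keys | wc -l` versus `wc -l .ssh/authorized_keys` checks by hand in the description: both counts are equal once the file has converged.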

Actions #11

Updated by Nicolas CHARLES about 10 years ago

OK, I'm able to reproduce the issue; it's the class definition that fails.
The ticket for the Segfault issue is http://www.rudder-project.org/redmine/issues/5681

Actions #12

Updated by Vincent MEMBRÉ about 10 years ago

  • Subject changed from Remote Access SSH keeps adding same keys to "sshKeyDistribution" Technique keeps adding the same keys

Actions #13

Updated by Vincent MEMBRÉ about 10 years ago

  • Subject changed from "sshKeyDistribution" Technique keeps adding the same keys to "sshKeyDistribution" Technique keeps adding the same keys for ever

Actions #14

Updated by Vincent MEMBRÉ about 10 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.11.4, which was released today.

Actions #15

Updated by Benoît PECCATTE almost 10 years ago

  • Project changed from 24 to Rudder
  • Category changed from Techniques to Techniques