So, I'm receiving this error running the recipe:

Error executing action create on resource 'ssh_known_hosts_entry[github.com]'

NoMethodError

undefined method `resource_collection' for nil:NilClass

For the record, I added the cookbook metadata.rb :
depends 'ssh_known_hosts'

and in the recipe I use it as:
ssh_known_hosts_entry 'github.com'

I'm using AWS opsworks chef which is version 12.

SO: Ubuntu 16.04

Any idea what could be causing this?

Cookbook version

6.1.3

Chef-client version

12.22.4

Scenario:

 Resource Declaration:
    ---------------------
    # In /var/chef/cache/cookbooks/mycookbook/recipes/_deploy.rb

      5: ssh_known_hosts_entry 'github.com' do
      6:   action :flush
      7: end
      8:

Expected Result:

Adds entry during runtime.

Actual Result:

  * ssh_known_hosts_entry[github.com] action flush

   ================================================================================
    Error executing action `flush` on resource 'ssh_known_hosts_entry[github.com]'
    ================================================================================

    Chef::Exceptions::ResourceNotFound
    ----------------------------------
    Cannot find a resource matching template[update ssh known hosts file /etc/ssh/ssh_known_hosts] (did you define it first?)

    Cookbook Trace:
    ---------------
    /var/chef/cache/cookbooks/ssh_known_hosts/resources/entry.rb:78:in `block (2 levels) in class_from_file'
    /var/chef/cache/cookbooks/ssh_known_hosts/resources/entry.rb:76:in `block in class_from_file'

Resource expands to:

   ssh_known_hosts_entry("github.com") do
      action [:flush]
      retries 0
      retry_delay 2
      default_guard_interpreter :default
      declared_type :ssh_known_hosts_entry
      cookbook_name "mycookbook"
      recipe_name "_deploy"
      file_location "/etc/ssh/ssh_known_hosts"
      host "github.com"
      key_type "rsa"
      mode "0644"
      owner "root"
      group "root"
    end

When I just use ssh_known_hosts_entry 'github.com' entry is added to /etc/ssh/ssh_known_hosts but not available during runtime. When changed declaration to use :flush the above error happens.

I strongly expect this is pilot error. I added the ssh_known_hosts recipe to the Cheffile for librarian-chef, added an include_recipe import for ssh_known_hosts to my dependent recipe, remembered to run librarian_chef update for the vagrant's directory, and received this when I tried to use the ssh_known_hosts_entry LWRP in my recipe. What did I overlook?

==> vb-tt-dev: NoMethodError
==> vb-tt-dev: -------------
==> vb-tt-dev: No resource or method named `ssh_known_hosts_entry' for `Chef::Recipe "default"'
==> vb-tt-dev: 
==> vb-tt-dev: 
==> vb-tt-dev: Cookbook Trace:
==> vb-tt-dev: ---------------
==> vb-tt-dev:   /tmp/vagrant-chef-2/chef-solo-1/cookbooks/ssh_known_hosts/recipes/default.rb:70:in `block in from_file'
==> vb-tt-dev: 
==> vb-tt-dev:   /tmp/vagrant-chef-2/chef-solo-1/cookbooks/ssh_known_hosts/recipes/default.rb:62:in `each'
==> vb-tt-dev:   /tmp/vagrant-chef-2/chef-solo-1/cookbooks/ssh_known_hosts/recipes/default.rb:62:in `from_file'
==> vb-tt-dev:   /tmp/vagrant-chef-2/chef-solo-1/cookbooks/get-gitrepos/recipes/default.rb:20:in `from_file'

When writing the key line if the user has specified "dsa" as the key_type the script will write out "ssh-dsa" but I think it should be "ssh-dss" to work. "rsa" is correctly left untouched.

Relevant line: 4791dfb#diff-335bb64cd132203fb779b6bb38fc1857R30

The SSH known_hosts format documentation doesn't appear to mention the "ssh-" field at all so I'm basing this off testing in my own environment.

Cookbook version

4.1.0

Chef-client version

12.10.24

Platform Details

Red Hat Enterprise Linux Server release 7.2 (Maipo) on AWS, based on ami-d1315fb1

Scenario:

I had the following in my recipe:

ssh_known_hosts_entry "bitbucket.org,131.103.20.167" do
	key 'AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw=='
end

ssh_known_hosts_entry "bitbucket.org,131.103.20.168" do
	key 'AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw=='
end

After upgrading to latest 4.1.0 version of this cookbook, it changed my /etc/ssh/ssh_known_hosts as follows during converge:

mybox.myorg.com   * template[update ssh known hosts file] action create
mybox.myorg.com     - update content in file /etc/ssh/ssh_known_hosts from 353c0a to 4a1b31
mybox.myorg.com     --- /etc/ssh/ssh_known_hosts	2016-11-03 23:46:42.832187975 +0000
mybox.myorg.com     +++ /etc/ssh/.chef-update ssh known hosts file20170105-24339-gw9cdy	2017-01-05 19:35:53.624325221 +0000
mybox.myorg.com     @@ -1,3 +1,3 @@
mybox.myorg.com     -bitbucket.org,131.103.20.167 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
mybox.myorg.com     -bitbucket.org,131.103.20.168 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
mybox.myorg.com     +[bitbucket.org,131.103.20.167]:22 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
mybox.myorg.com     +[bitbucket.org,131.103.20.168]:22 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==

Later on the converge fails on the git resource, it doesn't seem to like the []:22 in the entries:

mybox.myorg.com STDERR: Host key verification failed.
mybox.myorg.com fatal: Could not read from remote repository.

If I roll back to 4.0.0 version of this cookbook, it works fine. Only difference seems to be no more []:22 in the entries. (Yes I also realized my bitbucket ips are out of date!)

No solution right now but in case it was missed, this cookbook (Chef maintained) has a dependency on "partial_search" (Chef maintained) which is deprecated. Thanks.

Tagging @tas50 just so someone is aware...

Cookbook version

6.1.0

Chef-client version

2.4.17

Platform Details

Ubuntu 14.04

Scenario:

Our test-kitchen builds are failing due to the custom known_hosts file we have specified not existing. It appears the cookbook is now ignoring the default['ssh_known_hosts']['file'] attribute and just writing to the default file unless explicitly overridden using file_location in the recipe.

Steps to Reproduce:

Run the tests from the recipe using an attributes file instead of hardcoded file_location and see what happens. https://github.com/chef-cookbooks/ssh_known_hosts/raw/master/test/fixtures/cookbooks/ssh_known_hosts_test/recipes/resource.rb

Expected Result:

Previously (in 5.2.1 and earlier) the custom attribute specified file was created and populated.

Actual Result:

Now the entries are simply added to the host wide known_hosts and not the user/application specific known hosts defined in attributes.

With v2.0.0 we're getting the following error when we run our ChefSpec specs for a cookbook that uses ssh_known_hosts:

TypeError
---------
no implicit conversion of Array into String

Relevant File Content:
----------------------
/var/folders/48/v3jpvqg155d2qfktth99_8t40000gp/T/d20141205-96021-7o92di/cookbooks/ssh_known_hosts/recipes/default.rb:

 55:                              }
 56:      end
 57:    end
 58:  end
 59:  
 60:  # Add the data from the data_bag to the list of nodes.
 61:  # We need to rescue in case the data_bag doesn't exist.
 62>> if Chef::DataBag.list.key?('ssh_known_hosts')
 63:    begin
 64:      hosts += data_bag('ssh_known_hosts').collect do |item|
 65:        entry = data_bag_item('ssh_known_hosts', item)
 66:        {
 67:          'fqdn' => entry['fqdn'] || entry['ipaddress'] || entry['hostname'],
 68:          'key'  => entry['rsa'] || entry['dsa']
 69:        }
 70:      end
 71:    rescue

our usage in a recipe:

include_recipe 'ssh_known_hosts'
ssh_known_hosts_entry 'github.com'

no data bags.

Cookbook version

4 or higher

Scenario:

I am trying to add a host of for the repository like github.com and then pull down the repository using a bash script. I am not using the git resource because the key I am using is passphrase protected.

Steps to Reproduce:

Create a simple cookbook with the following code in the default cookbook

ssh_known_hosts_entry 'github.com'
bash "Setting up repository" do
  user 'root'
  code <<-EOH
  		mkdir /var/www
  		cd /var/www
		git init
		git remote add origin [email protected]:starx/DockerCentOS6.3LAMP.git
		git pull --depth=1 origin master  
  EOH
end

For the sake of seeing the issue, we don't actually need to add the ssh-key.

Or, download this and test using kitchen.

Expected Result:

Host to be recognized on the first run and allowed to proceed by getting the error of Could not read from remote repository. because an ssh key has not been added yet.

Actual Result:

Fails by saying Host key verification failed.
Sample full log of kitchen converge https://pastebin.com/TUBg3ASA

Ok, I am leaving this an issue. Slap me on the head if I am missing something simple, but my ssh_known_hosts file only has the keys. no hostname or type is being added to the file.

I am calling it via wrapper recipe

include_recipe 'ssh_known_hosts'

Sample file.

AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUdc8gn4xflE171RO8vJK7P...
AAAAB3NzaC1yc2EAAAADAQABAAABAQDU/YpX7IB1lBArD0k1qlX9kg...
AAAAB3NzaC1yc2EAAAADAQABAAABAQDUNNpq4yCH59+RQ1yfw5APZd...
AAAAB3NzaC1yc2EAAAADAQABAAABAQDVNz/5QUFjuEBojG5Q47CqPW...
AAAAB3NzaC1yc2EAAAADAQABAAABAQDyxATce0rxjltwKbEW39sB77...

A file resource is being used inside this provider however there is no attributes in LWRP for mode, owner, and group to pass on to this file resource. I always end up having to call file resource again after entry LWRP block with :touch action just for purpose of setting mode, owner, and group.

1. https://github.com/chef-cookbooks/ssh_known_hosts/blob/master/recipes/default.rb#L9
   Does this really need to still extend to 2017? That company no longer exists I stopped working for them in 2010 so shouldn't it end there?

They don't publish the cookbook anywhere in their name; other than the original source I linked there really shouldn't be any need to include them in the copyright possibly.

I am attempting to add 7 entries to the known hosts file. The first 6 are concatenated onto a single line in the hosts file, with the last one being given its own line. Obviously this prevents host verification from happening for all but the last host. I checked out the v2.0.0 release commit and it works as it's supposed to, so the bug has been introduced somewhere between now and then.

There are a lot of bugs fixed since the last released version, please do a release

Using CentOS 6.3, the -H option creates a unique hash for the hostname each time it is run. Consequently, each time chef-client runs, it appends another line to /etc/ssh/ssh_known_hosts. The key_exists? method never returns true. Is this the intended behavior?

We use the default recipe for this cookbook, and because hosts are only ever added via the ssh_known_hosts_entry provider, old nodes that have been removed from the chef server are never removed from the known_hosts file.

In addition, when building the known hosts file, the provider must do a regex scan, and then a file write and replace for every new host that's added. This causes the chef run to slow down considerably when there's a few hundred hosts to in the file.

There should be an attribute flag that allows the recipe to completely replace the ssh_known_hosts file every time chef runs, with only keys that are currently in chef, and without doing a regex search.

Cookbook version

4.0.0

Chef-client version

12.13.37

Platform Details

Ubuntu 14.04 LTS

Scenario:

I'm upgrading from ssh_known_hosts 2.x to 4.x using only a local data bag using knife solo.

Steps to Reproduce:

I have no config other than the data bag (see below) and "recipe[ssh_known_hosts]" in my run_list.

{
  "id": "github",
  "fqdn": "github.com"
}

Expected Result:

Running knife solo cook works.

Actual Result:

I get an exception:

Recipe Compile Error in /home/admin/chef-solo/local-mode-cache/cache/cookbooks/ssh_known_hosts/recipes/default.rb
================================================================================

Net::HTTPFatalError
-------------------
500 "Internal Server Error"

Cookbook Trace:
---------------
  /home/admin/chef-solo/local-mode-cache/cache/cookbooks/ssh_known_hosts/libraries/helpers.rb:18:in `hosts_keys'
  /home/admin/chef-solo/local-mode-cache/cache/cookbooks/ssh_known_hosts/recipes/default.rb:36:in `from_file'
  /home/admin/chef-solo/local-mode-cache/cache/cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/run_context.rb:336:in `load_recipe'

My guess is that since I neither use the cacher, nor have data bag on other nodes, this line gets executed and fails, never reaching the following lines that go through local data bags.

Using the LWRP, I need to be able to set the user, group, and mode for the ssh_known_hosts file, because I have a corporate security policy that needs to be enforced.

I have noticed that when using the provider in this cookbook on very lightweight machines (e.g. docker boxes) the recipe will error out with the error No such file or directory - ssh-keyscan due to https://github.com/opscode-cookbooks/ssh_known_hosts/blob/master/providers/entry.rb#L40. The simple fix for this on ubuntu at least is to install the openssh-client package, not sure about other distributions.

Curious because of berks integration and private offline github repo so I can't keep a fork up to date without significant effort unless I can just berks it down.

Seems like if there are two knife bootstraps going on at the same time the one that includes the ssh_known_hosts recipe seems to produce this error and can't converge until the other one is complete. In fact all hosts seem to produce this error until the bootstrapped node completes.

================================================================================
Recipe Compile Error in /var/chef/cache/cookbooks/msc_core/recipes/msc_auth.rb
================================================================================

ArgumentError
-------------
You must supply a name when declaring a ssh_known_hosts_entry resource

Cookbook Trace:
---------------
  /var/chef/cache/cookbooks/ssh_known_hosts/recipes/default.rb:85:in `block in from_file'
  /var/chef/cache/cookbooks/ssh_known_hosts/recipes/default.rb:77:in `each'
  /var/chef/cache/cookbooks/ssh_known_hosts/recipes/default.rb:77:in `from_file'
  /var/chef/cache/cookbooks/msc/recipes/sshd.rb:17:in `from_file'
  /var/chef/cache/cookbooks/msc_core/recipes/msc_auth.rb:2:in `from_file'

Relevant File Content:
----------------------
/var/chef/cache/cookbooks/ssh_known_hosts/recipes/default.rb:

 78:    unless host['key'].nil?
 79:      # The key was specified, so use it
 80:      ssh_known_hosts_entry host['fqdn'] do
 81:        key host['key']
 82:      end
 83:    else
 84:      # No key specified, so have known_host perform a DNS lookup
 85>>     ssh_known_hosts_entry host['fqdn']
 86:    end
 87:  end
 88:

All we are doing in our recipe is the following.

include_recipe 'ssh_known_hosts'

Cookbook version

Latest 2.0.0

Chef-client version

Not Relevant

Platform Details

All AFAIK.

Scenario:

When investigating a PR, ran into this error

kitchen converge INSTANCE

Expected Result:

No errors.

Actual Result:

Cookbook version

5.2.1

Chef-client version

12.20.3

Platform Details

Debian 9

Scenario:

There is an example in documentation how to add an own key, the string includes domain name and key type, then the key. But it results in doubling the domain name and the type is ignored completely, it is always added as an RSA, but I need different types to add.

Steps to Reproduce:

ssh_known_hosts_entry 'domain' do
  key 'domain ssh-ed25519 AAAA......'
end

Expected Result:

In /etc/ssh/ssh_known_keys:
domain ssh-ed25519 AAAA.....

Actual Result:

In /etc/ssh/ssh_known_keys:
domain ssh-rsa domain ssh-ed25519 AAAA.....

Cookbook version

4.1.1

Chef-client version

12.15.19

Platform Details

Redhat 7.3

Scenario:

When using the custom resource, I'm expecting it to append to the known hosts file. However, it is replacing the entire file with 1 entry.

Steps to Reproduce:

In attributes/default.rb

default['ssh_known_hosts']['file'] = '/home/user/.ssh/known_hosts'

In a recipe, I have the following:

ssh_known_hosts_entry 'my.awesome.host.com' do
  owner 'user'
  group 'group'
  action :create
end

Expected Result:

Existing known hosts should remain and 1 extra entry should be added.

Actual Result:

The known hosts file only has:

my.awesome.host.com ssh-rsa ..................

Cookbook version

7.0.0

Chef-client version

Chef Infra Client: 15.2.20

Platform Details

Description: Debian GNU/Linux 9.9 (stretch)
Release: 9.9
Codename: stretch

Scenario:

I'm using the default recipe to generate ssh_known_hosts file for one specific node

Steps to Reproduce:

I'm just invoking the default recipe on the concerned node

Expected Result:

node-name-1 ssh-ed25519 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxxx
node-name-2 ssh-ed25519 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxxx

Actual Result:

localhost ssh-ed25519 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxxx
localhost ssh-ed25519 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxxx
localhost ssh-ed25519 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxxx
localhost ssh-rsa XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxxx
localhost ssh-rsa XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxxx
localhost ssh-rsa XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxxx

The hostnames aren't included in the file so the ssh client fails to recognize hosts.

[2015-01-30T15:44:43+00:00] INFO: Processing ssh_known_hosts_entry[github.com] action create (start_kit::git_access line 12)
[2015-01-30T15:44:43+00:00] DEBUG: providers for generic ssh_known_hosts_entry resource enabled on node include: []
[2015-01-30T15:44:43+00:00] DEBUG: providers that refused resource ssh_known_hosts_entry[github.com] were: []
[2015-01-30T15:44:43+00:00] DEBUG: providers that support resource ssh_known_hosts_entry[github.com] include: []
[2015-01-30T15:44:43+00:00] DEBUG: no providers supported the resource, falling back to enabled handlers
[2015-01-30T15:44:43+00:00] DEBUG: providers that survived replacement include: []
[2015-01-30T15:44:43+00:00] DEBUG: dynamic provider resolver FAILED to resolve a provider
[2015-01-30T15:44:43+00:00] DEBUG: Platform ubuntu version 12.04 found

Line 12 is exactly ssh_known_hosts_entry 'github.com'

Seeing an issue with ordering of ssh_known_hosts items changing between runs.

Cookbook version

5.2.1

Chef-client version

14.0.190. Also happens on Chef 12 and 13.

Platform Details

Linux

Scenario:

Order of entries written to /etc/ssh/ssh_known_hosts changes between runs.

Steps to Reproduce:

Have a ssh_known_hosts_entry 'some.site' resource.

Expected Result:

Order should not change between runs.

Actual Result:

Run chef-client several times and see that the same key gets rewritten to the file but in a different order sometimes.

I was running 2.0.0 before and this didn't happen.

We had a problem with chef-client workers hanging indefinitely, which I narrowed down to the ssh-keyscan run in a ssh_known_hosts_entry 'github.com' resource. There seem to be cases where it will connect and never close/timeout, which means chef-client won't complete. Any reason not to run ssh-keyscan with mixlib/shellout with its timeout?

The link to http://tickets.chef.io does not work as the subdomain does not exist. Instead it seems like it should link to https://tickets.opscode.com/browse/CHEF.

due to changing hashes the same entry get's appended again and again on each run. see pull request #23 which seems to address that issue.
This is a real show-stopper.