Bug 1194035
Summary: | Add validation of SSH key size as a configuration parameter for OpenShift broker | |||
---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Øystein Bedin <obedin> | |
Component: | Node | Assignee: | Scott Dodson <sdodson> | |
Status: | CLOSED ERRATA | QA Contact: | libra bugs <libra-bugs> | |
Severity: | high | Docs Contact: | ||
Priority: | high | |||
Version: | 2.2.0 | CC: | adellape, bleanhar, cryan, erich, jkaur, jokerman, libra-onpremise-devel, mmccomas, sdodson, xiama | |
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Fixed In Version: | openshift-origin-broker-1.16.2.5-1, rubygem-openshift-origin-controller-1.35.1.2-1 | Doc Type: | Enhancement | |
Doc Text: | This enhancement adds optional SSH key size validation for when developers add a new public key to their account. Administrators can configure this by setting the MINIMUM_SSH_KEY_SIZE parameter to the desired value in the /etc/openshift/broker.conf file on brokers, then restarting the openshift-broker service. |
Story Points: | --- | |
Clone Of: | ||||
: | 1194200 (view as bug list) | Environment: | ||
Last Closed: | 2015-04-06 17:06:16 UTC | Type: | Bug | |
Bug Blocks: | 1194200 |
Description
Øystein Bedin
2015-02-18 20:10:46 UTC
Created a PR for the proposed changes - it can be found here: https://github.com/openshift/origin-server/pull/6078

*** Bug 1194200 has been marked as a duplicate of this bug. ***

I believe this made it into devenv_5471

When I was testing I set this value in /etc/openshift/broker-dev.conf

    MINIMUM_SSH_KEY_SIZE="ssh-rsa|1024 ssh-dss|1024"

Check on puddle [2.2.5/2015-03-17.1]

1. generate keys of different sizes

    #ssh-keygen -b 1024 -f rsa_1024
    #ssh-keygen -b 4096 -f rsa_4096
    #ssh-keygen -f rsa_2048
    #ssh-keygen -f dsa_1024 -t dsa

2. setup with user

    #rhc setup -l xiaom

3. add all keys generated in step 1

    #keys="rsa_1024 rsa_4096 rsa_2048 dsa_1024"
    # for key in $keys;do echo $key; set -x; rhc sshkey add $key $key.pub -l xiaom;done

4. list all keys

    All keys are added successfully

5. delete all keys

    #for key in $(rhc sshkey list -l xiaom|grep type|awk '{print $1}');do rhc sshkey remove $key -l xiaom;done

6. configure the minimum key size, and restart the openshift-broker

    #vim /etc/openshift/broker.conf
    MINIMUM_SSH_KEY_SIZE="ssh-rsa|2048 ssh-dss|1024"
    #service openshift-broker restart

7. add all keys

    #rhc sshkey add $key_name $keyfile
    dsa_1024 pass
    rsa_4096 pass
    rsa_1024 fail (Invalid RSA key size. Must be greater or equal to 2048.)
    rsa_2048 pass

8. delete all keys

9. configure the minimum key size, and restart the openshift-broker

    #vim /etc/openshift/broker.conf
    MINIMUM_SSH_KEY_SIZE="ssh-rsa|4097 ssh-dss|1025"
    #service openshift-broker restart

10. add all keys

    dsa_1024 fail (Invalid DSA key size. Must be greater or equal to 1025.)
    rsa_4096 fail (Invalid RSA key size. Must be greater or equal to 4097.)
    rsa_1024 fail (Invalid RSA key size. Must be greater or equal to 4097.)
    rsa_2048 fail (Invalid RSA key size. Must be greater or equal to 4097.)

11. configure the minimum key size, and restart the openshift-broker

    #vim /etc/openshift/broker.conf
    MINIMUM_SSH_KEY_SIZE="ssh-rsa|4095 ssh-dss|1023"
    #service openshift-broker restart

12. add all keys

    dsa_1024 pass
    rsa_4096 pass
    rsa_1024 fail (Invalid RSA key size. Must be greater or equal to 4095.)
    rsa_2048 fail (Invalid RSA key size. Must be greater or equal to 4095.)

13. delete all keys

14. rhc setup -l xiaom

    fail to add default key

15. configure the minimum key size, and restart the openshift-broker

    #vim /etc/openshift/broker.conf
    MINIMUM_SSH_KEY_SIZE="ssh-dsa|2048"
    #service openshift-broker restart

16. add all keys

    dsa_1024 fail (Invalid DSA key size. Must be greater or equal to 2048.)
    rsa_4096 pass
    rsa_1024 pass
    rsa_2048 pass

17. configure the minimum key size, and restart the openshift-broker

    #vim /etc/openshift/broker.conf
    MINIMUM_SSH_KEY_SIZE="ssh-rsa|1023 ssh-dss|2048"
    #service openshift-broker restart

18. delete all keys

    all keys can be deleted.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0779.html
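
The kind of check exercised in the test steps above, as an added Ruby example that is not the OpenShift broker's own code: it parses a MINIMUM_SSH_KEY_SIZE value, reads the key size out of an OpenSSH public key blob (RSA modulus or DSA prime), and rejects keys below the minimum. All function names are hypothetical, and the example assumes the type in the setting must match the key's type string exactly and that key types with no configured minimum are not checked.

```ruby
require 'base64'

# Parse e.g. "ssh-rsa|2048 ssh-dss|1024" into {"ssh-rsa"=>2048, "ssh-dss"=>1024}.
def parse_minimums(value)
  value.split.to_h do |pair|
    type, bits = pair.split('|', 2)
    raise ArgumentError, "bad entry: #{pair}" unless bits =~ /\A\d+\z/
    [type, bits.to_i]
  end
end

# Read one length-prefixed field (RFC 4251 string or mpint) at offset.
def read_field(blob, offset)
  len = blob.byteslice(offset, 4)&.unpack1('N')
  raise ArgumentError, 'truncated key blob' if len.nil? || offset + 4 + len > blob.bytesize
  [blob.byteslice(offset + 4, len), offset + 4 + len]
end

# Returns [type, bits]: bit length of the RSA modulus n or the DSA prime p.
def key_bits(line)
  type, b64 = line.split
  blob = Base64.strict_decode64(b64.to_s)
  inner, off = read_field(blob, 0)
  raise ArgumentError, 'type mismatch' unless inner == type
  _e, off = read_field(blob, off) if type == 'ssh-rsa' # skip public exponent e
  mpint, = read_field(blob, off)
  [type, mpint.unpack1('H*').to_i(16).bit_length]
end

# nil if acceptable, else an error message. Assumption: unlisted key types pass.
def check_key(line, minimums)
  type, bits = key_bits(line)
  return nil unless (min = minimums[type]) && bits < min
  "Invalid #{type == 'ssh-rsa' ? 'RSA' : 'DSA'} key size. Must be greater or equal to #{min}."
end

# Constructed sample: well-formed key line of the given size (not a usable key).
def sample_key(type, bits)
  field = ->(s) { [s.bytesize].pack('N') + s.b }
  mpint = lambda do |i|
    hex = i.to_s(16)
    bytes = [hex.size.odd? ? "0#{hex}" : hex].pack('H*')
    field.call(bytes.getbyte(0) >= 0x80 ? "\x00".b + bytes : bytes)
  end
  ints = type == 'ssh-rsa' ? [65_537, 1 << (bits - 1)] : [1 << (bits - 1), 1, 1, 1]
  "#{type} #{Base64.strict_encode64(field.call(type) + ints.map(&mpint).join)} constructed"
end

mins = parse_minimums('ssh-rsa|2048 ssh-dss|1024') # setting used in step 6 above
[1024, 2048, 4096].each { |b| puts "rsa_#{b}: #{check_key(sample_key('ssh-rsa', b), mins) || 'pass'}" }
```
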