Bug 1239283

Summary: [vmconsole] remove rsa algorithm restriction from user key
Product: [oVirt] ovirt-engine
Reporter: Alon Bar-Lev <alonbl>
Component: VMConsole
Assignee: Francesco Romani <fromani>
Status: CLOSED CURRENTRELEASE
QA Contact: Nikolai Sednev <nsednev>
Severity: medium
Priority: unspecified
Version: ---
CC: alonbl, bugs, ecohen, fromani, gklein, iheim, lsurette, michal.skrivanek, rbalakri, yeylon
Target Milestone: ovirt-3.6.0-rc
Keywords: Triaged
Target Release: 3.6.0
Flags: rule-engine: ovirt-3.6.0+, ylavi: planning_ack+, rule-engine: devel_ack+, rule-engine: testing_ack+
Hardware: Unspecified
OS: Unspecified
Whiteboard: virt
Fixed In Version: 3.6.0-4 alpha3
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2015-11-27 07:54:49 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: Virt
Cloudforms Team: ---
Bug Depends On: 1277543
Bug Blocks: 601863, 1223671

Description Alon Bar-Lev 2015-07-05 11:27:57 UTC
It is unprofessional to limit the user to using a specific algorithm for the key.

Please remove this restriction ASAP.

We discussed this and it was promised that it will happen; if you do not do this, I will.

Comment 1 Francesco Romani 2015-07-06 06:35:55 UTC
(In reply to Alon Bar-Lev from comment #0)
> We discussed this and it was promised that it will happen; if you do not do
> this, I will.

Yep, here: https://gerrit.ovirt.org/#/c/42080/13

Still WIP because it was superseded by other patches. OTOH, still working toward this goal.

Comment 2 Francesco Romani 2015-07-28 13:08:31 UTC
updating fields, forgot to move to MODIFIED back in time, so fixing manually

Comment 3 Nikolai Sednev 2015-11-09 08:49:10 UTC
Hi Francesco,
Could you provide a way to verify this bug? I'm not sure that I fully understand the meaning of the issue described in this bug.

Comment 4 Francesco Romani 2015-11-09 12:10:40 UTC
Hi Nikolai,

Engine does some minimal validation of the user-generated SSH key which is uploaded.

SSH keys can be generated using different algorithms: see
man ssh-keygen for details (option -t)

To verify this bug, you can try generating different key types, like
dsa | ecdsa | rsa and check that Engine allows you to register keys with type != rsa.
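
Added example (not oVirt Engine's code and not part of the comment above): a sketch of algorithm-agnostic minimal validation for an uploaded OpenSSH public key line. It checks structure only and applies no allowlist of key types. The function names are hypothetical and the sample lines are constructed placeholders, not real keys.

```python
import base64
import binascii
import struct


def parse_openssh_pubkey(line):
    """Return (algorithm, blob) for one '<type> <base64> [comment]' line.

    Structural validation only: no algorithm allowlist is applied, so
    rsa, dsa, ecdsa and other key types all pass.
    """
    fields = line.strip().split(None, 2)  # type, base64 blob, optional comment
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("key data is not valid base64") from exc
    # The blob begins with a length-prefixed string naming the algorithm.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if name_len == 0 or 4 + name_len >= len(blob):
        raise ValueError("bad algorithm-name length in key blob")
    embedded = blob[4:4 + name_len].decode("ascii", errors="replace")
    if embedded != declared:
        raise ValueError("declared type %r does not match blob type %r"
                         % (declared, embedded))
    return declared, blob


def constructed_line(algorithm, embedded=None):
    """Build a structurally valid sample line (constructed; not a real key)."""
    name = (embedded or algorithm).encode("ascii")
    filler = b"\x00" * 32  # stands in for the key material
    blob = (struct.pack(">I", len(name)) + name
            + struct.pack(">I", len(filler)) + filler)
    return "%s %s user@example" % (algorithm,
                                   base64.b64encode(blob).decode("ascii"))


if __name__ == "__main__":
    for alg in ("ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256", "ssh-ed25519"):
        print(parse_openssh_pubkey(constructed_line(alg))[0], "accepted")
```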

Comment 5 Nikolai Sednev 2015-11-11 14:16:41 UTC
Works for me when I used:
ssh -v -t -i $HOME/.ssh/id_dsa -p 2222 ovirt-vmconsole@my_engine's_ip connect
And I succeeded in connecting to the guest VM:
Available Serial Consoles:
00 RHEL_7_2_VM2[3c0bb6b7-43e1-427c-9575-f58b50a72dae]
01 RHEL_7_2_VM2[3c0bb6b7-43e1-427c-9575-f58b50a72dae]
02 RHEL7_2_VM_1[ea857677-f6d2-4d16-a40a-a44222670482]
03 RHEL7_2_VM_1[ea857677-f6d2-4d16-a40a-a44222670482]
SELECT> 02


Red Hat Enterprise Linux Server 7.2 (Maipo)
Kernel 3.10.0-327.el7.x86_64 on an x86_64

localhost login: 


Components on host:
ovirt-vmconsole-host-1.0.1-0.0.master.20151105234454.git3e5d52e.el7.noarch
ovirt-release36-snapshot-001-2.noarch
ovirt-vmconsole-1.0.1-0.0.master.20151105234454.git3e5d52e.el7.noarch
ovirt-release36-001-2.noarch
libvirt-client-1.2.17-13.el7.x86_64
vdsm-4.17.10.1-0.el7.centos.noarch
sanlock-3.2.4-1.el7.x86_64
mom-0.5.1-2.el7.noarch
qemu-kvm-rhev-2.3.0-31.el7.x86_64
Linux version 3.10.0-327.el7.x86_64 (mockbuild.eng.bos.redhat.com) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) ) #1 SMP Thu Oct 29 17:29:29 EDT 2015



Components on engine:
ovirt-vmconsole-proxy-1.0.0-1.el6ev.noarch
rhevm-3.6.0.3-0.1.el6.noarch
Linux version 2.6.32-573.7.1.el6.x86_64 (mockbuild.eng.bos.redhat.com) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC) ) #1 SMP Thu Sep 10 13:42:16 EDT 2015

Comment 6 Sandro Bonazzola 2015-11-27 07:54:49 UTC
Since oVirt 3.6.0 has been released, moving from verified to closed current release.