Bug 1911443

Summary: SSH Cretifiaction field should be validated
Product: OpenShift Container Platform Reporter: Yaacov Zamir <yzamir>
Component: Console Kubevirt PluginAssignee: Yaacov Zamir <yzamir>
Status: CLOSED ERRATA QA Contact: Guohua Ouyang <gouyang>
Severity: low Docs Contact:
Priority: high    
Version: 4.7CC: aos-bugs, gouyang
Target Milestone: ---   
Target Release: 4.7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-02-24 15:49:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Yaacov Zamir 2020-12-29 13:38:47 UTC
Description of problem:
- SSH Cretifiaction fields should be validated
- SSH Certifaction fields should have a nice placeholder explaining how to fill this field

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Open create VM wizard
2. Go to customize VM
3. Go to advanced tab
4. Choose cloudinit Form
5. Fill in the SSH authentication field

Actual results:
A regular input field with no validation of help hint

Expected results:
SSH public key is validated, and a hint is shown under the input field.

Additional info:
https://issues.redhat.com/browse/CNV-7559

Comment 1 Yaacov Zamir 2020-12-29 13:44:25 UTC
Note:
example of ssh public key (https://git-scm.com/book/en/v2/Git-on-the-Server-Generating-Your-SSH-Public-Key)

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU
GPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3
Pbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA
t3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En
mZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx
NrRFi9wrf+M7Q== schacon@mylaptop.local

an example of regexp that validate it:
ssh-rsa AAAA[0-9A-Za-z+/]+[=]{0,3} ([^@]+@[^@]+)

Comment 3 Guohua Ouyang 2020-12-31 00:54:36 UTC
(In reply to Yaacov Zamir from comment #1)
> Note:
> example of ssh public key
> (https://git-scm.com/book/en/v2/Git-on-the-Server-Generating-Your-SSH-Public-
> Key)
> 
> ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU
> GPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3
> Pbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA
> t3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En
> mZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx
> NrRFi9wrf+M7Q== schacon@mylaptop.local
> 
> an example of regexp that validate it:
> ssh-rsa AAAA[0-9A-Za-z+/]+[=]{0,3} ([^@]+@[^@]+)

Do you think removing "schacon@mylaptop.local" from the key is valid?

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU
GPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3
Pbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA
t3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En
mZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx
NrRFi9wrf+M7Q==

Comment 4 Yaacov Zamir 2020-12-31 05:37:54 UTC
@Guohua looking at https://www.ietf.org/rfc/rfc4253.txt it looks like the mail address in the end is not part of the protocol, I will adjust the verification.

Comment 8 errata-xmlrpc 2021-02-24 15:49:11 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633