Bug 1911803

Summary: [Assisted-4.6] [Staging] No BE validation for SSH key when generating an ISO
Product: OpenShift Container Platform Reporter: Lital Alon <lalon>
Component: assisted-installerAssignee: vemporop
assisted-installer sub component: assisted-service QA Contact: Yuri Obshansky <yobshans>
Status: CLOSED ERRATA Docs Contact:
Severity: high    
Priority: unspecified CC: aos-bugs, itsoiref, mchernyk, vemporop
Version: 4.6   
Target Milestone: ---   
Target Release: 4.7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: OCP-Metal-v1.0.17.1 Doc Type: Bug Fix
Doc Text:
Cause: SSH public key validation was not applied when using the generate ISO API. Consequence: Malformed SSH public keys were accepted without returning an error, eventually causing failures during cluster installation. Fix: Apply in the generate ISO API the same SSH public key validation we use in the create cluster API. Result: A malformed SSH public key is rejected with an error message.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-03-10 11:24:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lital Alon 2020-12-31 11:36:04 UTC 
Description of problem:
I mistakenly used malformed SSH key to generate ISO. 
The issue is that ISO generated successfully. I expected to get error from BE explaining that the ssh key is malformed.

Got Error from BE only when tried to apply the SSH key also on cluster settings.

I used the following key (which is missing the footer):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5g7Ry8t2G00eBaJpWRJmuLqw369dkHmxLlDwxm8mVuRaDifsRQs2Kvx3zIODcVJQy0xbKatcBWUopoHUs+xrbImU3TL0mCsZnnEWbqY0H22a6lVJ9bA2oSJsZnvk6XLnC+r042oWKaluJ1sqMyoxtx2lTgTro52fvCKcLGeBOccNOLoTyM3pWzBd/3WXg2LRyekLBYxDCh8Vf8JjWby1udbauiuGKpj7ZckmL9NzHZnYLakSuj1eYHtclF/s29fyRnciGcW5axNg+XwEioOA5pCPzlYoK/WR9n/slOZvWPBWZb8KcNfmAtAzhVvzVQX19ta6PNnst9etWbMksqqj

Version-Release number of selected component (if applicable):
v1.0.14.1

Steps to Reproduce:
1. generate iso with malformed ssh key


Actual results:
ISO generated successfully

Expected results:
Error displays explaining the ssh key is malformed
Comment 1 Michael Filanov 2020-12-31 16:41:17 UTC 
vemporop itsoiref some how it passed our ssh validation, can one of you take a look?
Comment 2 Michael Filanov 2020-12-31 16:42:31 UTC 
@itsoiref @vemporop
Comment 3 Michael Filanov 2021-01-05 07:37:46 UTC 
cat key.txt 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5g7Ry8t2G00eBaJpWRJmuLqw369dkHmxLlDwxm8mVuRaDifsRQs2Kvx3zIODcVJQy0xbKatcBWUopoHUs+xrbImU3TL0mCsZnnEWbqY0H22a6lVJ9bA2oSJsZnvk6XLnC+r042oWKaluJ1sqMyoxtx2lTgTro52fvCKcLGeBOccNOLoTyM3pWzBd/3WXg2LRyekLBYxDCh8Vf8JjWby1udbauiuGKpj7ZckmL9NzHZnYLakSuj1eYHtclF/s29fyRnciGcW5axNg+XwEioOA5pCPzlYoK/WR9n/slOZvWPBWZb8KcNfmAtAzhVvzVQX19ta6PNnst9etWbMksqqj

ssh-keygen -l -f key.txt 
key.txt is not a public key file.

Maybe we can run a similar tool or find a code that do the same?
Comment 4 vemporop 2021-02-22 09:55:36 UTC 
Fixed by https://github.com/openshift/assisted-service/pull/1136
Comment 6 Igal Tsoiref 2021-03-02 15:33:46 UTC 
no new info from my side
Comment 7 mchernyk 2021-03-03 15:12:57 UTC 
Verified on stage env, 
AI release_tag	v1.0.17.1
Comment 8 Lital Alon 2021-03-03 21:12:16 UTC 
MR for automation coverage: https://gitlab.cee.redhat.com/ocp-edge-qe/kni-assisted-installer-auto/-/merge_requests/132
Comment 10 errata-xmlrpc 2021-03-10 11:24:01 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.7.1 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:0678