Bug 821107

Summary: Support other SSH keys types
Product: OKD Reporter: Clayton Coleman <ccoleman>
Component: MasterAssignee: Clayton Coleman <ccoleman>
Status: CLOSED CURRENTRELEASE QA Contact: libra bugs <libra-bugs>
Severity: low Docs Contact:
Priority: medium    
Version: 2.xCC: ffranz, qgong, rmillner, rpenta
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-11-06 18:48:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
sample ssh-rsa-cert-v01@openssh.com pub key
none
sample private key none

Description Clayton Coleman 2012-05-11 22:39:59 UTC 
Reported here: https://openshift.redhat.com/community/content/use-proper-ssh-algorithms

Should make the valid key type check a bit looser.
Comment 1 Fabiano Franz 2012-05-30 00:10:01 UTC 
Lowering severity so this doesn't block the release.
Comment 2 Clayton Coleman 2012-09-10 20:51:26 UTC 
Openssh types - don't know whether Net::SSH supports all of these yet.

ecdsa-sha2-nistp256-cert-v01,
ecdsa-sha2-nistp384-cert-v01,
ecdsa-sha2-nistp521-cert-v01,
ssh-rsa-cert-v01,ssh-dss-cert-v01,
ssh-rsa-cert-v00,ssh-dss-cert-v00,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-rsa,ssh-dss
Comment 3 Clayton Coleman 2012-09-27 16:59:57 UTC 
Fixed the UI side in https://github.com/openshift/crankcase/pull/539, but the broker still is only allowing ssh-rsa/ssh-dsa.  This is now in the broker/api's court to allow key types besides ssh-rsa/ssh-dss.
Comment 4 Ravi Sankar 2012-10-16 21:59:38 UTC 
Now broker allows all ssh key types stated in 'man ssh_config'.
https://github.com/openshift/origin-server/pull/681

Clayton, please enable your test case ' test_key_create_custom_type' (console/test/integration/rest_api/key_test.rb).

'rhc sshkey' commandline utility need to be updated as well to support more ssh key types.
Comment 5 Ravi Sankar 2012-10-17 19:27:05 UTC 
Created attachment 629027 [details]
sample ssh-rsa-cert-v01 pub key
Comment 6 Ravi Sankar 2012-10-17 19:27:32 UTC 
Created attachment 629028 [details]
sample private key
Comment 7 Clayton Coleman 2012-10-17 19:28:57 UTC 
UI test case fixed in https://github.com/openshift/origin-server/pull/701
Comment 8 Clayton Coleman 2012-10-17 20:08:36 UTC 
rhc sshkey add now allows user to provide '--confirm' to bypass validation https://github.com/openshift/rhc/pull/186
Comment 9 openshift-github-bot 2012-10-18 16:47:25 UTC 
Commit pushed to master at https://github.com/openshift/rhc

https://github.com/openshift/rhc/commit/2266468c78c378790ad08aaa459562cbd244a236
Bug 821107 - Allow an unrecognizable SSH key to be uploaded

Users adding a key can specify --confirm to override validation on the client.  The server may still reject the key and the user will get a warning.
Comment 10 Rony Gong 🔥 2012-10-22 07:40:38 UTC 
Verified on devenv_2360, rhc:0.99.10.gem
Download the sample of pub key and private key
[qgong@localhost ~]$ rhc sshkey add qtest ~/Downloads/rhc1/sample-cert.pub 
File '/home/qgong/Downloads/rhc1/sample-cert.pub' does not appear to be a recognizable key file (unsupported key type
`ssh-rsa-cert-v01'). You may specify the '--confirm' flag to add the key anyway.
[qgong@localhost ~]$ rhc sshkey add qtest ~/Downloads/rhc1/sample-cert.pub --confirm
The key you are uploading is not recognized.  You may not be able to authenticate to your application through Git or
SSH.
Password: 


RESULT:
SSH key /home/qgong/Downloads/rhc1/sample-cert.pub has been added as 'qtest'

[qgong@localhost ~]$ rhc sshkey list

RESULT:
Password: 

       Name: qtest       Type: ssh-rsa-cert-v01: Invalid key