Description of problem: ose-2.0 allow user to custom valid sshkey types in the broker configuration file, and the "VALID_SSH_KEY_TYPES" parameter could take effect(refer to line 84 in /var/www/openshift/broker/config/environments/production.rb) Checked this on the latest devenv, it has the following content in broker.conf: # Comma-separated list of allowed types for ssh keys. krb5-principal keys are added to .k5login, instead of authorized_keys # Default is "ssh-rsa,ssh-dss,ssh-rsa-cert-v01,ssh-dss-cert-v01,ssh-rsa-cert-v00,ssh-dss-cert-v00,krb5-principal" #VALID_SSH_KEY_TYPES="" So suggest to add the above content to broker.conf Version-Release number of selected component (if applicable): 2.0.z/2013-12-31.1 How reproducible: Always Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Upstream commit: commit 0f0b54394510cefcbb5cf59a0a97dd86f16f23d6 Author: Brenton Leanhardt <bleanhar> Date: Mon Feb 3 12:57:14 2014 -0500 Bug 1048139 - Adding missing setting to broker.conf
verify this bug with openshift-origin-broker-1.15.3.2-1.el6op, checked file /etc/openshift/broker.conf, the related content has been added: ... 7 # Comma-separated list of allowed types for ssh keys. krb5-principal keys ar e added to .k5login, instead of authorized_keys 8 #VALID_SSH_KEY_TYPES="ssh-rsa,ssh-dss,ssh-rsa-cert-v01,ssh-dss-c ert-v01,ssh-rsa-cert-v00,ssh-dss-cert-v00,krb5-principal"
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-0209.html