Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1048139

Summary: VALID_SSH_KEY_TYPES related content should be added into broker.conf
Product: OpenShift Container Platform Reporter: Gaoyun Pei <gpei>
Component: NodeAssignee: Brenton Leanhardt <bleanhar>
Status: CLOSED ERRATA QA Contact: libra bugs <libra-bugs>
Severity: low Docs Contact:
Priority: low    
Version: 2.0.0CC: adellape, bleanhar, jolamb, libra-onpremise-devel, mmasters
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openshift-origin-broker-1.15.3.2-1.el6op Doc Type: Enhancement
Doc Text:
The VALID_SSH_KEY_TYPES setting was not documented in the /etc/openshift/broker.conf file on the broker host. The file now documents the setting and its defaults for greater visibility.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-02-25 15:42:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Gaoyun Pei 2014-01-03 09:35:27 UTC 
Description of problem:
ose-2.0 allow user to custom valid sshkey types in the broker configuration file,
and the "VALID_SSH_KEY_TYPES" parameter could take effect(refer to line 84 in /var/www/openshift/broker/config/environments/production.rb) 

Checked this on the latest devenv, it has the following content in broker.conf:

# Comma-separated list of allowed types for ssh keys. krb5-principal keys are added to .k5login, instead of authorized_keys
# Default is "ssh-rsa,ssh-dss,ssh-rsa-cert-v01,ssh-dss-cert-v01,ssh-rsa-cert-v00,ssh-dss-cert-v00,krb5-principal"
#VALID_SSH_KEY_TYPES=""

So suggest to add the above content to broker.conf


Version-Release number of selected component (if applicable):
2.0.z/2013-12-31.1

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Brenton Leanhardt 2014-02-03 18:00:03 UTC 
Upstream commit:

commit 0f0b54394510cefcbb5cf59a0a97dd86f16f23d6
Author: Brenton Leanhardt <bleanhar>
Date:   Mon Feb 3 12:57:14 2014 -0500

    Bug 1048139 - Adding missing setting to broker.conf
Comment 6 Gaoyun Pei 2014-02-07 06:42:57 UTC 
verify this bug with openshift-origin-broker-1.15.3.2-1.el6op, checked file /etc/openshift/broker.conf, the related content has been added:
...
7 # Comma-separated list of allowed types for ssh keys. krb5-principal keys ar   e added to .k5login, instead of authorized_keys
8 #VALID_SSH_KEY_TYPES="ssh-rsa,ssh-dss,ssh-rsa-cert-v01,ssh-dss-c   ert-v01,ssh-rsa-cert-v00,ssh-dss-cert-v00,krb5-principal"
Comment 9 errata-xmlrpc 2014-02-25 15:42:52 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-0209.html