Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1048139 - VALID_SSH_KEY_TYPES related content should be added into broker.conf
VALID_SSH_KEY_TYPES related content should be added into broker.conf
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Pod (Show other bugs)
2.0.0
Unspecified Unspecified
low Severity low
: ---
: ---
Assigned To: Brenton Leanhardt
libra bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2014-01-03 04:35 EST by Gaoyun Pei
Modified: 2017-03-08 12 EST (History)
5 users (show)

See Also:
Fixed In Version: openshift-origin-broker-1.15.3.2-1.el6op
Doc Type: Enhancement
Doc Text:
The VALID_SSH_KEY_TYPES setting was not documented in the /etc/openshift/broker.conf file on the broker host. The file now documents the setting and its defaults for greater visibility.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-02-25 10:42:52 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:0209 normal SHIPPED_LIVE Red Hat OpenShift Enterprise 2.0.3 bugfix and enhancement update 2014-02-25 15:40:32 EST

  None (edit)
Description Gaoyun Pei 2014-01-03 04:35:27 EST 
Description of problem:
ose-2.0 allow user to custom valid sshkey types in the broker configuration file,
and the "VALID_SSH_KEY_TYPES" parameter could take effect(refer to line 84 in /var/www/openshift/broker/config/environments/production.rb) 

Checked this on the latest devenv, it has the following content in broker.conf:

# Comma-separated list of allowed types for ssh keys. krb5-principal keys are added to .k5login, instead of authorized_keys
# Default is "ssh-rsa,ssh-dss,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,krb5-principal"
#VALID_SSH_KEY_TYPES=""

So suggest to add the above content to broker.conf


Version-Release number of selected component (if applicable):
2.0.z/2013-12-31.1

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Brenton Leanhardt 2014-02-03 13:00:03 EST 
Upstream commit:

commit 0f0b54394510cefcbb5cf59a0a97dd86f16f23d6
Author: Brenton Leanhardt <bleanhar@redhat.com>
Date:   Mon Feb 3 12:57:14 2014 -0500

    Bug 1048139 - Adding missing setting to broker.conf
Comment 6 Gaoyun Pei 2014-02-07 01:42:57 EST 
verify this bug with openshift-origin-broker-1.15.3.2-1.el6op, checked file /etc/openshift/broker.conf, the related content has been added:
...
7 # Comma-separated list of allowed types for ssh keys. krb5-principal keys ar   e added to .k5login, instead of authorized_keys
8 #VALID_SSH_KEY_TYPES="ssh-rsa,ssh-dss,ssh-rsa-cert-v01@openssh.com,ssh-dss-c   ert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,krb5-principal"
Comment 9 errata-xmlrpc 2014-02-25 10:42:52 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-0209.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.