Bug 1239283 - [vmconsole] remove rsa algorithm restriction from user key
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: VMConsole
Version: ---
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ovirt-3.6.0-rc
: 3.6.0
Assignee: Francesco Romani
QA Contact: Nikolai Sednev
Whiteboard: virt
Depends On: 1277543
Blocks: 601863 1223671
Reported: 2015-07-05 11:27 UTC by Alon Bar-Lev
Modified: 2016-02-10 19:24 UTC (History)

Fixed In Version: 3.6.0-4 alpha3
Doc Type: Bug Fix
Last Closed: 2015-11-27 07:54:49 UTC
oVirt Team: Virt
rule-engine: ovirt-3.6.0+
ylavi: planning_ack+
rule-engine: devel_ack+
rule-engine: testing_ack+


Links: oVirt gerrit 42080

Description Alon Bar-Lev 2015-07-05 11:27:57 UTC
It is unprofessional to limit the user to a specific algorithm for the key.

Please remove this restriction ASAP.

We discussed this and it was promised that it will happen; if you do not do this, I will.

Comment 1 Francesco Romani 2015-07-06 06:35:55 UTC
(In reply to Alon Bar-Lev from comment #0)
> We discussed this and it was promised that it will happen; if you do not do
> this, I will.

Yep, here: https://gerrit.ovirt.org/#/c/42080/13

Still WIP because it was superseded by other patches. OTOH, still working toward this goal.

Comment 2 Francesco Romani 2015-07-28 13:08:31 UTC
updating fields, forgot to move to MODIFIED back in time, so fixing manually

Comment 3 Nikolai Sednev 2015-11-09 08:49:10 UTC
Hi Francesco,
Could you provide a way to verify this bug? I'm not sure that I fully understand the meaning of the issue described in this bug.

Comment 4 Francesco Romani 2015-11-09 12:10:40 UTC
Hi Nikolai,

Engine does some minimal validation of the user-generated SSH key which is uploaded.

SSH keys can be generated using different algorithms: see
man ssh-keygen for details (option -t).

To verify this bug, you can try generating different key types, like
dsa | ecdsa | rsa and check that Engine allows you to register keys with type != rsa.
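
Added example (not part of the original bug comments and not oVirt Engine's code): a sketch of algorithm-agnostic minimal validation for an uploaded OpenSSH public key line, which accepts any key type as long as the declared type matches the type embedded in the key blob. The function names and the sample keys are assumptions; the samples are constructed, non-functional blobs.

```python
import base64
import struct


def _wire_string(data: bytes) -> bytes:
    """Encode a length-prefixed string as used inside OpenSSH key blobs."""
    return struct.pack(">I", len(data)) + data


def validate_public_key(line: str) -> str:
    """Return the key type of an OpenSSH public key line, or raise ValueError.

    No algorithm is singled out: the only rule is that the type named in
    the text field matches the type embedded in the base64 blob.
    """
    fields = line.strip().split(None, 2)  # type, base64 blob, optional comment
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, b64 = fields[0], fields[1]
    try:
        # binascii.Error is a ValueError subclass, so one except covers both
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:
        raise ValueError("key data is not valid base64") from exc
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + name_len]
    # The blob must hold the full type name plus at least some key material
    if len(embedded) != name_len or len(blob) == 4 + name_len:
        raise ValueError("key blob is truncated")
    if embedded != declared.encode("ascii", "replace"):
        raise ValueError("declared type does not match key blob")
    return declared


def make_sample_key(key_type: str, comment: str = "user@example") -> str:
    """Build a constructed, non-functional public key line for testing."""
    blob = _wire_string(key_type.encode()) + _wire_string(b"\x01" * 32)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


if __name__ == "__main__":
    # Key types corresponding to ssh-keygen -t rsa | dsa | ecdsa
    for t in ("ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256"):
        print(validate_public_key(make_sample_key(t)))
```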

Comment 5 Nikolai Sednev 2015-11-11 14:16:41 UTC
Works for me; I used:
ssh -v -t -i $HOME/.ssh/id_dsa -p 2222 ovirt-vmconsole@my_engine's_ip connect
And succeeded in connecting to the guest VM:
Available Serial Consoles:
00 RHEL_7_2_VM2[3c0bb6b7-43e1-427c-9575-f58b50a72dae]
01 RHEL_7_2_VM2[3c0bb6b7-43e1-427c-9575-f58b50a72dae]
02 RHEL7_2_VM_1[ea857677-f6d2-4d16-a40a-a44222670482]
03 RHEL7_2_VM_1[ea857677-f6d2-4d16-a40a-a44222670482]
SELECT> 02


Red Hat Enterprise Linux Server 7.2 (Maipo)
Kernel 3.10.0-327.el7.x86_64 on an x86_64

localhost login: 


Components on host:
ovirt-vmconsole-host-1.0.1-0.0.master.20151105234454.git3e5d52e.el7.noarch
ovirt-release36-snapshot-001-2.noarch
ovirt-vmconsole-1.0.1-0.0.master.20151105234454.git3e5d52e.el7.noarch
ovirt-release36-001-2.noarch
libvirt-client-1.2.17-13.el7.x86_64
vdsm-4.17.10.1-0.el7.centos.noarch
sanlock-3.2.4-1.el7.x86_64
mom-0.5.1-2.el7.noarch
qemu-kvm-rhev-2.3.0-31.el7.x86_64
Linux version 3.10.0-327.el7.x86_64 (mockbuild.eng.bos.redhat.com) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) ) #1 SMP Thu Oct 29 17:29:29 EDT 2015



Components on engine:
ovirt-vmconsole-proxy-1.0.0-1.el6ev.noarch
rhevm-3.6.0.3-0.1.el6.noarch
Linux version 2.6.32-573.7.1.el6.x86_64 (mockbuild.eng.bos.redhat.com) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC) ) #1 SMP Thu Sep 10 13:42:16 EDT 2015

Comment 6 Sandro Bonazzola 2015-11-27 07:54:49 UTC
Since oVirt 3.6.0 has been released, moving from verified to closed current release.

