Bug 1911443 - SSH Cretifiaction field should be validated
Summary: SSH Cretifiaction field should be validated
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Console Kubevirt Plugin
Version: 4.7
Hardware: Unspecified
OS: Unspecified
high
low
Target Milestone: ---
: 4.7.0
Assignee: Yaacov Zamir
QA Contact: Guohua Ouyang
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-12-29 13:38 UTC by Yaacov Zamir
Modified: 2021-02-24 15:49 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-02-24 15:49:11 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift console pull 7678 0 None closed Bug 1911443: Validate SSH public key in cloud init form 2021-01-04 00:13:18 UTC
Github openshift console pull 7684 0 None closed Bug 1911443: Remove optional email from ssh key validation 2021-01-08 03:20:24 UTC
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:49:25 UTC

Description Yaacov Zamir 2020-12-29 13:38:47 UTC
Description of problem:
- SSH Cretifiaction fields should be validated
- SSH Certifaction fields should have a nice placeholder explaining how to fill this field

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Open create VM wizard
2. Go to customize VM
3. Go to advanced tab
4. Choose cloudinit Form
5. Fill in the SSH authentication field

Actual results:
A regular input field with no validation of help hint

Expected results:
SSH public key is validated, and a hint is shown under the input field.

Additional info:
https://issues.redhat.com/browse/CNV-7559

Comment 1 Yaacov Zamir 2020-12-29 13:44:25 UTC
Note:
example of ssh public key (https://git-scm.com/book/en/v2/Git-on-the-Server-Generating-Your-SSH-Public-Key)

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU
GPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3
Pbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA
t3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En
mZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx
NrRFi9wrf+M7Q== schacon@mylaptop.local

an example of regexp that validate it:
ssh-rsa AAAA[0-9A-Za-z+/]+[=]{0,3} ([^@]+@[^@]+)

Comment 3 Guohua Ouyang 2020-12-31 00:54:36 UTC
(In reply to Yaacov Zamir from comment #1)
> Note:
> example of ssh public key
> (https://git-scm.com/book/en/v2/Git-on-the-Server-Generating-Your-SSH-Public-
> Key)
> 
> ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU
> GPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3
> Pbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA
> t3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En
> mZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx
> NrRFi9wrf+M7Q== schacon@mylaptop.local
> 
> an example of regexp that validate it:
> ssh-rsa AAAA[0-9A-Za-z+/]+[=]{0,3} ([^@]+@[^@]+)

Do you think removing "schacon@mylaptop.local" from the key is valid?

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU
GPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3
Pbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA
t3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En
mZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx
NrRFi9wrf+M7Q==

Comment 4 Yaacov Zamir 2020-12-31 05:37:54 UTC
@Guohua looking at https://www.ietf.org/rfc/rfc4253.txt it looks like the mail address in the end is not part of the protocol, I will adjust the verification.

Comment 8 errata-xmlrpc 2021-02-24 15:49:11 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633


Note You need to log in before you can comment on or make changes to this bug.