2048500 – VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys

Bug 2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys

Summary: VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Advanced Cluster Management for Kubernetes
Classification:	Red Hat
Component:	Console
Sub Component:
Version:	rhacm-2.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	rhacm-2.4.3
Assignee:	Kevin Cormier
QA Contact:	Xiang Yin
Docs Contact:	Christopher Dawson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-01-31 11:35 UTC by Gellert Kis
Modified:	2025-08-08 12:23 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-04-20 23:47:32 UTC
Target Upstream Version:
Embargoed:
Flags:	bot-tracker-sync: rhacm-2.4.z+ kcormier: needinfo- kcormier: needinfo-

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	stolostron backlog issues 19558	0	None	None	None	2022-01-31 15:05:09 UTC
Red Hat Product Errata	RHSA-2022:1476	0	None	None	None	2022-04-20 23:47:44 UTC

Description Gellert Kis 2022-01-31 11:35:19 UTC

Description of the problem:



ECDSA keys are not accepted in RHACM , however should be possible according to 
https://docs.openshift.com/container-platform/4.9/installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.html

Release version:

Operator snapshot version:

OCP version:

Browser Info:

Steps to reproduce:
1. add vmware credentials with ECDSA key
2.
3.

Actual results: error 

Expected results: no error

Additional info:

Comment 1 daliu 2022-02-07 06:19:36 UTC

@jdiaz could you help to take a look?

Comment 2 Joel Diaz 2022-02-07 13:10:59 UTC

Are there hive logs showing an issue?

Comment 3 daliu 2022-02-08 08:47:29 UTC

@jdiaz Sorry for that.
It looks like the ACM UI check fails when input the ssh public key.

@kcormier could you help to take a look?

Comment 6 bot-tracker-sync 2022-02-15 18:03:39 UTC

G2Bsync 1040467750 comment 
 KevinFCormier Tue, 15 Feb 2022 16:10:52 UTC 
 G2Bsync The current list of supported key types is: ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256

See https://github.com/stolostron/console/blob/main/frontend/src/lib/validation.ts#L28

As a workaround, you can enter one of these types for the public key temporarily when creating the Credential, then update the secret via the CLI or using the OCP console to use your ecdsa-sha2-nistp521 public key.

Comment 7 Napoco Agbetra 2022-04-12 22:14:41 UTC

Verified the fix by adding creating vmware credentials using ecdsa-sha2-nistp521 ssh keys and successfully creating a vmware cluster.

Comment 13 errata-xmlrpc 2022-04-20 23:47:32 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:1476

Note You need to log in before you can comment on or make changes to this bug.