Bug 821107 - Support other SSH keys types
Status: CLOSED CURRENTRELEASE
Product: OpenShift Origin
Classification: Red Hat
Component: Master
Version: 2.x
Hardware: Unspecified, OS: Unspecified
Priority: medium, Severity: low
Assigned To: Clayton Coleman
QA Contact: libra bugs
Keywords: Triaged
Reported: 2012-05-11 18:39 EDT by Clayton Coleman
Modified: 2015-05-14 20:51 EDT (History)

Doc Type: Bug Fix
Last Closed: 2012-11-06 13:48:59 EST
Type: Bug


Attachments
sample ssh-rsa-cert-v01@openssh.com pub key (1.50 KB, application/octet-stream)
2012-10-17 15:27 EDT, Ravi Sankar
sample private key (1.70 KB, application/x-x509-ca-cert)
2012-10-17 15:27 EDT, Ravi Sankar
Description Clayton Coleman 2012-05-11 18:39:59 EDT
Reported here: https://openshift.redhat.com/community/content/use-proper-ssh-algorithms

Should make the valid key type check a bit looser.
Comment 1 Fabiano Franz 2012-05-29 20:10:01 EDT
Lowering severity so this doesn't block the release.
Comment 2 Clayton Coleman 2012-09-10 16:51:26 EDT
OpenSSH types - don't know whether Net::SSH supports all of these yet.

ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-rsa,ssh-dss
Comment 3 Clayton Coleman 2012-09-27 12:59:57 EDT
Fixed the UI side in https://github.com/openshift/crankcase/pull/539, but the broker still is only allowing ssh-rsa/ssh-dsa.  This is now in the broker/api's court to allow key types besides ssh-rsa/ssh-dss.
Comment 4 Ravi Sankar 2012-10-16 17:59:38 EDT
The broker now allows all SSH key types stated in 'man ssh_config'.
https://github.com/openshift/origin-server/pull/681

Clayton, please enable your test case 'test_key_create_custom_type' (console/test/integration/rest_api/key_test.rb).

The 'rhc sshkey' command-line utility needs to be updated as well to support more SSH key types.
Comment 5 Ravi Sankar 2012-10-17 15:27:05 EDT
Created attachment 629027
sample ssh-rsa-cert-v01@openssh.com pub key
Comment 6 Ravi Sankar 2012-10-17 15:27:32 EDT
Created attachment 629028
sample private key
Comment 7 Clayton Coleman 2012-10-17 15:28:57 EDT
UI test case fixed in https://github.com/openshift/origin-server/pull/701
Comment 8 Clayton Coleman 2012-10-17 16:08:36 EDT
rhc sshkey add now allows user to provide '--confirm' to bypass validation https://github.com/openshift/rhc/pull/186
Comment 9 openshift-github-bot 2012-10-18 12:47:25 EDT
Commit pushed to master at https://github.com/openshift/rhc

https://github.com/openshift/rhc/commit/2266468c78c378790ad08aaa459562cbd244a236
Bug 821107 - Allow an unrecognizable SSH key to be uploaded

Users adding a key can specify --confirm to override validation on the client.  The server may still reject the key and the user will get a warning.
Comment 10 Rony Gong 2012-10-22 03:40:38 EDT
Verified on devenv_2360, rhc:0.99.10.gem
Download the sample of pub key and private key
[qgong@localhost ~]$ rhc sshkey add qtest ~/Downloads/rhc1/sample-cert.pub 
File '/home/qgong/Downloads/rhc1/sample-cert.pub' does not appear to be a recognizable key file (unsupported key type
`ssh-rsa-cert-v01@openssh.com'). You may specify the '--confirm' flag to add the key anyway.
[qgong@localhost ~]$ rhc sshkey add qtest ~/Downloads/rhc1/sample-cert.pub --confirm
The key you are uploading is not recognized.  You may not be able to authenticate to your application through Git or
SSH.
Password: 


RESULT:
SSH key /home/qgong/Downloads/rhc1/sample-cert.pub has been added as 'qtest'

[qgong@localhost ~]$ rhc sshkey list

RESULT:
Password: 

       Name: qtest
       Type: ssh-rsa-cert-v01@openssh.com
Fingerprint: Invalid key
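
A sketch of the kind of server-side check this thread discusses: accept every key type listed in Comment 2, but still confirm that the uploaded key data is structurally a key of the declared type. This is an added example and not the broker's or rhc's code; `check_public_key_line`, `sample_line` and the sample blobs are hypothetical and constructed for illustration.

```ruby
# Key types listed in Comment 2 of this bug.
ALLOWED_KEY_TYPES = %w[
  ecdsa-sha2-nistp256-cert-v01@openssh.com
  ecdsa-sha2-nistp384-cert-v01@openssh.com
  ecdsa-sha2-nistp521-cert-v01@openssh.com
  ssh-rsa-cert-v01@openssh.com ssh-dss-cert-v01@openssh.com
  ssh-rsa-cert-v00@openssh.com ssh-dss-cert-v00@openssh.com
  ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521
  ssh-rsa ssh-dss
].freeze

# Hypothetical helper: validates one line of a .pub file
# ("<type> <base64-blob> [comment]").
# Returns [:ok, type] or [:error, reason].
def check_public_key_line(line)
  type, blob_b64, _comment = line.strip.split(/\s+/, 3)
  return [:error, 'missing type or key data'] if type.nil? || blob_b64.nil?
  return [:error, "unsupported key type #{type}"] unless ALLOWED_KEY_TYPES.include?(type)

  begin
    blob = blob_b64.unpack1('m0') # strict base64; raises on invalid input
  rescue ArgumentError
    return [:error, 'key data is not valid base64']
  end

  # The blob starts with an SSH string: uint32 big-endian length, then the
  # algorithm name. It must fit inside the blob and equal the declared type.
  return [:error, 'key data too short'] if blob.bytesize < 4
  name_len = blob.unpack1('N')
  return [:error, 'embedded type length out of range'] if name_len > blob.bytesize - 4
  embedded = blob.byteslice(4, name_len)
  return [:error, "declared #{type} but blob says #{embedded.inspect}"] unless embedded == type

  [:ok, type]
end

# Constructed sample input (not a real key): length-prefixed type plus filler.
def sample_line(declared, embedded = declared)
  blob = [embedded.bytesize].pack('N') + embedded + ("\x00" * 16)
  "#{declared} #{[blob].pack('m0')} user@example"
end

puts check_public_key_line(sample_line('ssh-rsa-cert-v01@openssh.com')).inspect
puts check_public_key_line(sample_line('ssh-rsa', 'ssh-dss')).inspect
```
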
