Bug 821107 - Support other SSH keys types
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OKD
Classification: Red Hat
Component: Master
Version: 2.x
Hardware: Unspecified
OS: Unspecified
medium
low
Assignee: Clayton Coleman
QA Contact: libra bugs
Reported: 2012-05-11 22:39 UTC by Clayton Coleman
Modified: 2015-05-15 00:51 UTC

Doc Type: Bug Fix
Last Closed: 2012-11-06 18:48:59 UTC

Attachments
sample ssh-rsa-cert-v01@openssh.com pub key (1.50 KB, application/octet-stream)
2012-10-17 19:27 UTC, Ravi Sankar
sample private key (1.70 KB, application/x-x509-ca-cert)
2012-10-17 19:27 UTC, Ravi Sankar

Description Clayton Coleman 2012-05-11 22:39:59 UTC
Reported here: https://openshift.redhat.com/community/content/use-proper-ssh-algorithms

Should make the valid key type check a bit looser.

Comment 1 Fabiano Franz 2012-05-30 00:10:01 UTC
Lowering severity so this doesn't block the release.

Comment 2 Clayton Coleman 2012-09-10 20:51:26 UTC
OpenSSH types - don't know whether Net::SSH supports all of these yet.

ecdsa-sha2-nistp256-cert-v01,
ecdsa-sha2-nistp384-cert-v01,
ecdsa-sha2-nistp521-cert-v01,
ssh-rsa-cert-v01,ssh-dss-cert-v01,
ssh-rsa-cert-v00,ssh-dss-cert-v00,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-rsa,ssh-dss

Comment 3 Clayton Coleman 2012-09-27 16:59:57 UTC
Fixed the UI side in https://github.com/openshift/crankcase/pull/539, but the broker still is only allowing ssh-rsa/ssh-dsa.  This is now in the broker/api's court to allow key types besides ssh-rsa/ssh-dss.

Comment 4 Ravi Sankar 2012-10-16 21:59:38 UTC
Now the broker allows all ssh key types stated in 'man ssh_config'.
https://github.com/openshift/origin-server/pull/681

Clayton, please enable your test case 'test_key_create_custom_type' (console/test/integration/rest_api/key_test.rb).

The 'rhc sshkey' command-line utility needs to be updated as well to support more ssh key types.

Comment 5 Ravi Sankar 2012-10-17 19:27:05 UTC
Created attachment 629027
sample ssh-rsa-cert-v01 pub key

Comment 6 Ravi Sankar 2012-10-17 19:27:32 UTC
Created attachment 629028
sample private key

Comment 7 Clayton Coleman 2012-10-17 19:28:57 UTC
UI test case fixed in https://github.com/openshift/origin-server/pull/701

Comment 8 Clayton Coleman 2012-10-17 20:08:36 UTC
rhc sshkey add now allows the user to provide '--confirm' to bypass validation https://github.com/openshift/rhc/pull/186

Comment 9 openshift-github-bot 2012-10-18 16:47:25 UTC
Commit pushed to master at https://github.com/openshift/rhc

https://github.com/openshift/rhc/commit/2266468c78c378790ad08aaa459562cbd244a236
Bug 821107 - Allow an unrecognizable SSH key to be uploaded

Users adding a key can specify --confirm to override validation on the client.  The server may still reject the key and the user will get a warning.

Comment 10 Rony Gong 🔥 2012-10-22 07:40:38 UTC
Verified on devenv_2360, rhc:0.99.10.gem
Download the sample of pub key and private key
[qgong@localhost ~]$ rhc sshkey add qtest ~/Downloads/rhc1/sample-cert.pub 
File '/home/qgong/Downloads/rhc1/sample-cert.pub' does not appear to be a recognizable key file (unsupported key type
`ssh-rsa-cert-v01'). You may specify the '--confirm' flag to add the key anyway.
[qgong@localhost ~]$ rhc sshkey add qtest ~/Downloads/rhc1/sample-cert.pub --confirm
The key you are uploading is not recognized.  You may not be able to authenticate to your application through Git or
SSH.
Password: 


RESULT:
SSH key /home/qgong/Downloads/rhc1/sample-cert.pub has been added as 'qtest'

[qgong@localhost ~]$ rhc sshkey list

RESULT:
Password: 

       Name: qtest       Type: ssh-rsa-cert-v01: Invalid key
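
An added example, not code from rhc or the OpenShift broker: one way to write the looser client-side check discussed in this thread. It accepts the key types listed in Comment 2, confirms that the base64 blob names the same type as the line declares, and models a '--confirm' style override. The helper names, the status symbols and the sample data are assumptions made for illustration.

```ruby
require 'base64'

# Key types listed in Comment 2. OpenSSH writes the certificate types with an
# "@openssh.com" suffix, so that suffix is stripped before comparing.
KNOWN_TYPES = %w[
  ecdsa-sha2-nistp256-cert-v01 ecdsa-sha2-nistp384-cert-v01
  ecdsa-sha2-nistp521-cert-v01 ssh-rsa-cert-v01 ssh-dss-cert-v01
  ssh-rsa-cert-v00 ssh-dss-cert-v00 ecdsa-sha2-nistp256
  ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-rsa ssh-dss
].freeze

def base_type(type)
  type.sub(/@openssh\.com\z/, '')
end

# The SSH wire format starts a key blob with a uint32 length followed by the
# key type string. Returns nil for invalid base64 or a truncated blob.
def embedded_type(blob)
  raw = Base64.strict_decode64(blob)
  len = raw.unpack1('N')
  return nil if len.nil? || raw.bytesize < 4 + len
  raw.byteslice(4, len)
rescue ArgumentError
  nil
end

# Hypothetical helper: returns [status, detail] for one public key line.
#   :ok        type is known and the blob names the same type
#   :override  the check failed but the caller passed confirm: true
#   :rejected  the check failed and no override was given
def check_public_key(line, confirm: false)
  type, blob, _comment = line.to_s.strip.split(/\s+/, 3)
  embedded = blob && embedded_type(blob)
  problem =
    if type.nil? || blob.nil?
      'expected "<type> <base64> [comment]"'
    elsif !KNOWN_TYPES.include?(base_type(type))
      "unsupported key type '#{type}'"
    elsif embedded.nil? || base_type(embedded) != base_type(type)
      "key blob does not name '#{type}'"
    end
  return [:ok, type] if problem.nil?
  confirm ? [:override, problem] : [:rejected, problem]
end

# Constructed sample line (type header plus filler bytes), not a real key.
def sample_line(declared, embedded = declared)
  blob = [embedded.bytesize].pack('N') + embedded + "\0" * 16
  "#{declared} #{Base64.strict_encode64(blob)} constructed@example"
end
```

As the commit message in Comment 9 notes, an override like this only relaxes the client; the server applies its own check and may still reject the key.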

