Red Hat Bugzilla – Bug 821107
Support other SSH keys types
Last modified: 2015-05-14 20:51:17 EDT
Reported here: https://openshift.redhat.com/community/content/use-proper-ssh-algorithms
Should make the valid key type check a bit looser.
Lowering severity so this doesn't block the release.
Openssh types - don't know whether Net::SSH supports all of these yet.
Fixed the UI side in https://github.com/openshift/crankcase/pull/539, but the broker still is only allowing ssh-rsa/ssh-dsa. This is now in the broker/api's court to allow key types besides ssh-rsa/ssh-dss.
Now broker allows all ssh key types stated in 'man ssh_config'.
Clayton, please enable your test case ' test_key_create_custom_type' (console/test/integration/rest_api/key_test.rb).
'rhc sshkey' commandline utility need to be updated as well to support more ssh key types.
Created attachment 629027 [details]
sample email@example.com pub key
Created attachment 629028 [details]
sample private key
UI test case fixed in https://github.com/openshift/origin-server/pull/701
rhc sshkey add now allows user to provide '--confirm' to bypass validation https://github.com/openshift/rhc/pull/186
Commit pushed to master at https://github.com/openshift/rhc
Bug 821107 - Allow an unrecognizable SSH key to be uploaded
Users adding a key can specify --confirm to override validation on the client. The server may still reject the key and the user will get a warning.
Verified on devenv_2360, rhc:0.99.10.gem
Download the sample of pub key and private key
[qgong@localhost ~]$ rhc sshkey add qtest ~/Downloads/rhc1/sample-cert.pub
File '/home/qgong/Downloads/rhc1/sample-cert.pub' does not appear to be a recognizable key file (unsupported key type
`firstname.lastname@example.org'). You may specify the '--confirm' flag to add the key anyway.
[qgong@localhost ~]$ rhc sshkey add qtest ~/Downloads/rhc1/sample-cert.pub --confirm
The key you are uploading is not recognized. You may not be able to authenticate to your application through Git or
SSH key /home/qgong/Downloads/rhc1/sample-cert.pub has been added as 'qtest'
[qgong@localhost ~]$ rhc sshkey list
Name: qtest Type: email@example.comFingerprint: Invalid key