[cloud-init/f22: 4/9] Add recognition of 3 ecdsa-sha2-nistp* ssh key types

gholms gholms at fedoraproject.org
Fri Feb 20 02:21:57 UTC 2015


commit 0a23a4d1f955350568991e7ee7a65156f1aab1c7
Author: Garrett Holmstrom <gholms at devzero.com>
Date:   Thu Feb 19 16:02:21 2015 -0800

    Add recognition of 3 ecdsa-sha2-nistp* ssh key types
    
    This makes disabling root logins work for newly-approved types of keys.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1151824

 cloud-init-0.7.6-ecdsa.patch | 12 ++++++++++++
 cloud-init.spec              |  5 +++++
 2 files changed, 17 insertions(+)
---
diff --git a/cloud-init-0.7.6-ecdsa.patch b/cloud-init-0.7.6-ecdsa.patch
new file mode 100644
index 0000000..cc2e2c7
--- /dev/null
+++ b/cloud-init-0.7.6-ecdsa.patch
@@ -0,0 +1,12 @@
+Index: cloud-init-0.7.6/cloudinit/ssh_util.py
+===================================================================
+--- cloud-init-0.7.6.orig/cloudinit/ssh_util.py
++++ cloud-init-0.7.6/cloudinit/ssh_util.py
+@@ -32,6 +32,7 @@ DEF_SSHD_CFG = "/etc/ssh/sshd_config"
+ 
+ # taken from openssh source key.c/key_type_from_name
+ VALID_KEY_TYPES = ("rsa", "dsa", "ssh-rsa", "ssh-dss", "ecdsa",
++    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
+     "ssh-rsa-cert-v00 at openssh.com", "ssh-dss-cert-v00 at openssh.com",
+     "ssh-rsa-cert-v00 at openssh.com", "ssh-dss-cert-v00 at openssh.com",
+     "ssh-rsa-cert-v01 at openssh.com", "ssh-dss-cert-v01 at openssh.com",
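Review bot: The three ECDSA names extend a hand-maintained allowlist, and nothing in the hunk records what happens to a key type that is missing from it. Going by the commit description, an unlisted type is why disabling root logins did not work for these keys, so the list appears to fail open whenever OpenSSH gains a new type. I would add a comment above `VALID_KEY_TYPES` such as `# Must track OpenSSH: a key type missing here is not recognised, and the root-login restriction is then not applied to that key.` It is also worth checking whether `ssh-ed25519` needs an entry; the tuple continues past the end of the hunk, so it may already be listed.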
diff --git a/cloud-init.spec b/cloud-init.spec
index 3350c3d..1883267 100644
--- a/cloud-init.spec
+++ b/cloud-init.spec
@@ -28,6 +28,10 @@ Patch1:         cloud-init-0.7.5-rsyslog-programname.patch
 # Systemd 213 removed the --quiet option from ``udevadm settle''
 Patch2:         cloud-init-0.7.5-udevadm-quiet.patch
 
+# Add 3 ecdsa-sha2-nistp* ssh key types now that they are standardized
+# https://bugzilla.redhat.com/show_bug.cgi?id=1151824
+Patch3:         cloud-init-0.7.6-ecdsa.patch
+
 # Deal with noarch -> arch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1067089
 Obsoletes:      cloud-init < 0.7.5-3
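Review bot: `Patch3:` is declared here, but neither hunk of this file adds a matching `%patch3 -p1` in `%prep`. The diffstat's five insertions for cloud-init.spec are fully accounted for by this declaration and the changelog line. If `%prep`, which is outside the hunks, applies patches through `%autosetup`, this is fine. Otherwise the package builds without the change and root-login disabling stays broken for ECDSA keys. A build-log check that the patch is applied to `cloudinit/ssh_util.py` would confirm it.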
@@ -157,6 +161,7 @@ fi
 * Thu Feb 19 2015 Garrett Holmstrom <gholms at fedoraproject.org> - 0.7.6-3
 - Stopped depending on git to build
 - Stopped implicitly listing doc files twice
+- Added recognition of 3 ecdsa-sha2-nistp* ssh key types [RH:1151824]
 
 * Fri Nov 14 2014 Colin Walters <walters at redhat.com> - 0.7.6-2
 - New upstream version [RH:974327]

