[cloud-init/f22: 4/9] Add recognition of 3 ecdsa-sha2-nistp* ssh key types
gholms
gholms at fedoraproject.org
Fri Feb 20 02:21:57 UTC 2015
commit 0a23a4d1f955350568991e7ee7a65156f1aab1c7
Author: Garrett Holmstrom <gholms at devzero.com>
Date: Thu Feb 19 16:02:21 2015 -0800
Add recognition of 3 ecdsa-sha2-nistp* ssh key types
This makes disabling root logins work for newly-approved types of keys.
https://bugzilla.redhat.com/show_bug.cgi?id=1151824
cloud-init-0.7.6-ecdsa.patch | 12 ++++++++++++
cloud-init.spec | 5 +++++
2 files changed, 17 insertions(+)
---
diff --git a/cloud-init-0.7.6-ecdsa.patch b/cloud-init-0.7.6-ecdsa.patch
new file mode 100644
index 0000000..cc2e2c7
--- /dev/null
+++ b/cloud-init-0.7.6-ecdsa.patch
@@ -0,0 +1,12 @@
+Index: cloud-init-0.7.6/cloudinit/ssh_util.py
+===================================================================
+--- cloud-init-0.7.6.orig/cloudinit/ssh_util.py
++++ cloud-init-0.7.6/cloudinit/ssh_util.py
+@@ -32,6 +32,7 @@ DEF_SSHD_CFG = "/etc/ssh/sshd_config"
+
+ # taken from openssh source key.c/key_type_from_name
+ VALID_KEY_TYPES = ("rsa", "dsa", "ssh-rsa", "ssh-dss", "ecdsa",
++ "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
+ "ssh-rsa-cert-v00 at openssh.com", "ssh-dss-cert-v00 at openssh.com",
+ "ssh-rsa-cert-v00 at openssh.com", "ssh-dss-cert-v00 at openssh.com",
+ "ssh-rsa-cert-v01 at openssh.com", "ssh-dss-cert-v01 at openssh.com",
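Review bot: The new line in VALID_KEY_TYPES adds only the three plain ecdsa-sha2-nistp* names, and the trailing context shows certificate variants only for ssh-rsa and ssh-dss. Please confirm that the rest of the tuple, outside this hunk, covers the ECDSA certificate key types as well. If it does not, authorized_keys entries of those types would still go unrecognized and the root-login disable options the commit message refers to would not be applied to them. The context also lists the ssh-rsa-cert-v00 / ssh-dss-cert-v00 pair twice, which is harmless for a membership check but worth cleaning up upstream. Since the comment says the list is hand-copied from OpenSSH's key_type_from_name, a test that parses one authorized_keys line per supported type would catch the next drift. The embedded patch also has no description or upstream-status header, so a short one pointing at the bug would help whoever rebases it.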
diff --git a/cloud-init.spec b/cloud-init.spec
index 3350c3d..1883267 100644
--- a/cloud-init.spec
+++ b/cloud-init.spec
@@ -28,6 +28,10 @@ Patch1: cloud-init-0.7.5-rsyslog-programname.patch
# Systemd 213 removed the --quiet option from ``udevadm settle''
Patch2: cloud-init-0.7.5-udevadm-quiet.patch
+# Add 3 ecdsa-sha2-nistp* ssh key types now that they are standardized
+# https://bugzilla.redhat.com/show_bug.cgi?id=1151824
+Patch3: cloud-init-0.7.6-ecdsa.patch
+
# Deal with noarch -> arch
# https://bugzilla.redhat.com/show_bug.cgi?id=1067089
Obsoletes: cloud-init < 0.7.5-3
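Review bot: Patch3 is declared here, but no matching patch application line is added anywhere in the spec. The diffstat's 5 insertions to cloud-init.spec are all accounted for by this hunk and the changelog line. Please confirm that %prep applies every declared patch automatically, and that the strip level it uses matches the cloud-init-0.7.6/ path prefix in the quilt-style patch. Otherwise the package builds cleanly without the fix and root logins with ECDSA keys stay enabled. The comment "now that they are standardized" could also say what breaks without the patch, as the commit message does.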
@@ -157,6 +161,7 @@ fi
* Thu Feb 19 2015 Garrett Holmstrom <gholms at fedoraproject.org> - 0.7.6-3
- Stopped depending on git to build
- Stopped implicitly listing doc files twice
+- Added recognition of 3 ecdsa-sha2-nistp* ssh key types [RH:1151824]
* Fri Nov 14 2014 Colin Walters <walters at redhat.com> - 0.7.6-2
- New upstream version [RH:974327]
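Review bot: The new changelog line is appended to the existing 0.7.6-3 entry and no Release bump is visible in this diff. That is fine if 0.7.6-3 has not been built yet, but if it has, this change needs its own release so that updated systems actually receive it. The entry could also state the user-visible effect (disabling root logins now works for ECDSA keys) so administrators can tell that this update changes SSH access behaviour.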