Stefan Schulte | 1 Jul 2011 13:34

ssh_authorized_keys should support new key types

Stig Sandbeck Mathisen reported:

    SSH now supports additional key types. From the sshd man page (openssh
    version 5.8p1 on ubuntu):

        For protocol version 2 the keytype is “ecdsa-sha2-nistp256”,
        “ecdsa-sha2-nistp384”, “ecdsa-sha2-nistp521”, “ssh-dss” or
        “ssh-rsa”.

    The puppet ssh_authorized_key and sshkey types only support “ssh-dss”
    and “ssh-rsa”.

First patch adds the new types to ssh_authorized_key, second patch adds
the new types to sshkey.

-Stefan


Stefan Schulte | 1 Jul 2011 13:34

[PATCH/puppet 1/2] (#8193) Support new keytypes for ssh_authorized_key

Recent versions of openssh (at least openssh 5.8) support the following
keytypes in the authorized_keys file: ecdsa-sha2-nistp256,
ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-dss or ssh-rsa.

Add support for ecdsa-sha2-nistp256, ecdsa-sha2-nistp384 and
ecdsa-sha2-nistp521.

Signed-off-by: Stefan Schulte <stefan.schulte <at> taunusstein.net>
---
Local-branch: ticket/2.7.x/8193
 lib/puppet/type/ssh_authorized_key.rb     |    7 +++----
 spec/unit/type/ssh_authorized_key_spec.rb |   19 ++++---------------
 2 files changed, 7 insertions(+), 19 deletions(-)

diff --git a/lib/puppet/type/ssh_authorized_key.rb b/lib/puppet/type/ssh_authorized_key.rb
index 170dc83..80bc60e 100644
--- a/lib/puppet/type/ssh_authorized_key.rb
+++ b/lib/puppet/type/ssh_authorized_key.rb
 <at>  <at>  -23,11 +23,10  <at>  <at>  module Puppet
     newproperty(:type) do
       desc "The encryption type used: ssh-dss or ssh-rsa."

-      newvalue("ssh-dss")
-      newvalue("ssh-rsa")
+      newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521'

-      aliasvalue(:dsa, "ssh-dss")
-      aliasvalue(:rsa, "ssh-rsa")
+      aliasvalue(:dsa, :'ssh-dss')
+      aliasvalue(:rsa, :'ssh-rsa')
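
Review bot: the `desc` string kept as unchanged context at the top of this hunk still reads "The encryption type used: ssh-dss or ssh-rsa.", so the generated type documentation will not mention the three ecdsa-sha2-nistp* values that the new `newvalues` line accepts. Suggest updating the description to list all five accepted values. It would also help to state there that only `dsa` and `rsa` have short aliases, since the visible lines add no alias for the ECDSA types and they must be spelled out in full.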

Stefan Schulte | 1 Jul 2011 13:34

[PATCH/puppet 2/2] (#8193) Support new keytypes for sshkey

Recent versions of openssh (at least openssh 5.8) support the following
keytypes in the authorized_keys file: ecdsa-sha2-nistp256,
ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-dss or ssh-rsa.

Add support for ecdsa-sha2-nistp256, ecdsa-sha2-nistp384 and
ecdsa-sha2-nistp521.

Signed-off-by: Stefan Schulte <stefan.schulte <at> taunusstein.net>
---
Local-branch: ticket/2.7.x/8193
 lib/puppet/type/sshkey.rb     |    8 ++++----
 spec/unit/type/sshkey_spec.rb |   20 +++++++++-----------
 2 files changed, 13 insertions(+), 15 deletions(-)

diff --git a/lib/puppet/type/sshkey.rb b/lib/puppet/type/sshkey.rb
index 59a1a12..41b3dde 100755
--- a/lib/puppet/type/sshkey.rb
+++ b/lib/puppet/type/sshkey.rb
 <at>  <at>  -9,10 +9,10  <at>  <at>  module Puppet
     newproperty(:type) do
       desc "The encryption type used.  Probably ssh-dss or ssh-rsa."

-      newvalue("ssh-dss")
-      newvalue("ssh-rsa")
-      aliasvalue(:dsa, "ssh-dss")
-      aliasvalue(:rsa, "ssh-rsa")
+      newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521'
+
+      aliasvalue(:dsa, :'ssh-dss')
+      aliasvalue(:rsa, :'ssh-rsa')
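
Review bot: the five-value `newvalues` list in this hunk is a verbatim copy of the one added to lib/puppet/type/ssh_authorized_key.rb in patch 1/2, so the next key type has to be added in two places and the two types can drift apart. Consider defining the list once and referencing it from both types. The `desc` context line ("Probably ssh-dss or ssh-rsa.") is also left unchanged and should name the ECDSA types now accepted.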

