authorMichael Felt <aixtools@gmail.com>2016-12-15 15:58:08 +0000
committerScott Moser <smoser@brickies.net>2016-12-20 12:11:52 -0500
commit77092338c539627083d53f19bca84450216706af (patch)
tree21bd0b6b65cdc8b44694682fc3468652d66ac6f4
parent071563198530008651ef12c6039241086c5b60ad (diff)
Update the list of valid ssh keys.
Update ssh_util.py with the latest list of keys (from openssh-7.3p1/sshkey.c), and remove extinct keys ending with "-v00@openssh.com". Added keys: rsa-sha2-256, rsa-sha2-512, ed25519, ssh-ed25519, ssh-ed25519-cert-v01@openssh.com. Removed both of the double entries for the keys: ssh-dss-cert-v00@openssh.com, ssh-rsa-cert-v00@openssh.com.
-rw-r--r--cloudinit/ssh_util.py23
1 files changed, 16 insertions, 7 deletions
diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py
index c74a7ae2..0d595b02 100644
--- a/cloudinit/ssh_util.py
+++ b/cloudinit/ssh_util.py
@@ -30,16 +30,25 @@ LOG = logging.getLogger(__name__)
# See: man sshd_config
DEF_SSHD_CFG = "/etc/ssh/sshd_config"
-# taken from openssh source key.c/key_type_from_name
+# taken from openssh source openssh-7.3p1/sshkey.c:
+# static const struct keytype keytypes[] = { ... }
VALID_KEY_TYPES = (
- "rsa", "dsa", "ssh-rsa", "ssh-dss", "ecdsa",
- "ssh-rsa-cert-v00@openssh.com", "ssh-dss-cert-v00@openssh.com",
- "ssh-rsa-cert-v00@openssh.com", "ssh-dss-cert-v00@openssh.com",
- "ssh-rsa-cert-v01@openssh.com", "ssh-dss-cert-v01@openssh.com",
+ "dsa",
+ "ecdsa",
"ecdsa-sha2-nistp256-cert-v01@openssh.com",
"ecdsa-sha2-nistp384-cert-v01@openssh.com",
- "ecdsa-sha2-nistp521-cert-v01@openssh.com")
-
+ "ecdsa-sha2-nistp521-cert-v01@openssh.com",
+ "ed25519",
+ "rsa",
+ "rsa-sha2-256",
+ "rsa-sha2-512",
+ "ssh-dss",
+ "ssh-dss-cert-v01@openssh.com",
+ "ssh-ed25519",
+ "ssh-ed25519-cert-v01@openssh.com",
+ "ssh-rsa",
+ "ssh-rsa-cert-v01@openssh.com",
+)
class AuthKeyLine(object):
def __init__(self, source, keytype=None, base64=None,
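Review bot: The plain ECDSA key type names are missing from the new VALID_KEY_TYPES tuple. It lists the three `ecdsa-sha2-nistp*-cert-v01@openssh.com` certificate types but not `"ecdsa-sha2-nistp256"`, `"ecdsa-sha2-nistp384"`, `"ecdsa-sha2-nistp521"`, which are the names that begin an ordinary ECDSA public-key line and belong to the keytypes[] table the new comment cites. The code that consumes the tuple lies outside this hunk, so the effect is inferred, but a parser that checks the first field of a key line against this list would presumably not recognise such keys as keys; adding those three names to the tuple closes the gap. Separately, `rsa-sha2-256` and `rsa-sha2-512` appear to be signature-algorithm names rather than key types found in a key file. A one-line comment such as `# names copied from the upstream table; membership here is for parsing, not a statement that the key type is acceptable` would keep the list from being read as a policy allowlist.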