From 77092338c539627083d53f19bca84450216706af Mon Sep 17 00:00:00 2001
From: Michael Felt
Date: Thu, 15 Dec 2016 15:58:08 +0000
Subject: Update the list of valid ssh keys. Update ssh_util.py with latest list of keys (from openssh-7.3p1/sshkeys.c), and remove extinct keys ending with "-v00@openssh.com" Added keys: rsa-sha2-256, rsa-sha2-512, ed25519, ssh-ed25519, ssh-ed25519-cert-v01@openssh.com Removed both of the double entries for the keys: ssh-dss-cert-v00@openssh.com ssh-rsa-cert-v00@openssh.com
---
 cloudinit/ssh_util.py | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)
(limited to 'cloudinit/ssh_util.py')
diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py
index c74a7ae2..0d595b02 100644
--- a/cloudinit/ssh_util.py
+++ b/cloudinit/ssh_util.py
@@ -30,16 +30,25 @@ LOG = logging.getLogger(__name__)
 # See: man sshd_config
 DEF_SSHD_CFG = "/etc/ssh/sshd_config"
-# taken from openssh source key.c/key_type_from_name
+# taken from openssh source openssh-7.3p1/sshkey.c:
+# static const struct keytype keytypes[] = { ... }
 VALID_KEY_TYPES = (
- "rsa", "dsa", "ssh-rsa", "ssh-dss", "ecdsa",
- "ssh-rsa-cert-v00@openssh.com", "ssh-dss-cert-v00@openssh.com",
- "ssh-rsa-cert-v00@openssh.com", "ssh-dss-cert-v00@openssh.com",
- "ssh-rsa-cert-v01@openssh.com", "ssh-dss-cert-v01@openssh.com",
+ "dsa",
+ "ecdsa",
 "ecdsa-sha2-nistp256-cert-v01@openssh.com",
 "ecdsa-sha2-nistp384-cert-v01@openssh.com",
- "ecdsa-sha2-nistp521-cert-v01@openssh.com")
-
+ "ecdsa-sha2-nistp521-cert-v01@openssh.com",
+ "ed25519",
+ "rsa",
+ "rsa-sha2-256",
+ "rsa-sha2-512",
+ "ssh-dss",
+ "ssh-dss-cert-v01@openssh.com",
+ "ssh-ed25519",
+ "ssh-ed25519-cert-v01@openssh.com",
+ "ssh-rsa",
+ "ssh-rsa-cert-v01@openssh.com",
+)
 class AuthKeyLine(object):
 def __init__(self, source, keytype=None, base64=None,
-- 
cgit v1.2.3
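Review bot: The new `VALID_KEY_TYPES` tuple has no entry for plain ECDSA keys: it lists `ecdsa` and the three `ecdsa-sha2-nistp*-cert-v01@openssh.com` certificate names, but not `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384` or `ecdsa-sha2-nistp521`, the names that begin an ordinary ECDSA public-key line. The code that consults the tuple is outside this hunk, so the effect is inferred; if the authorized_keys parser uses it to recognise the key-type field, ECDSA user keys would be misread or dropped while the weaker `ssh-dss` entries remain accepted. I would add `"ecdsa-sha2-nistp256",`, `"ecdsa-sha2-nistp384",` and `"ecdsa-sha2-nistp521",` in sorted position. A one-line comment stating whether the short names (`rsa`, `dsa`, `ecdsa`, `ed25519`) are meant to match tokens in key files would also help the next person who syncs this list with OpenSSH.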