From 9f57fcaa9fbd46f2ed4f6f44a13f2b4553f3b7b4 Mon Sep 17 00:00:00 2001 From: Luigi Toscano Date: Mon, 29 Jul 2019 10:11:28 +0200 Subject: [PATCH] Force the format of ssh key to PEM, at least for now Unfortunately it is not possible to switch to the new, more secure, native format of OpenSSH >=6.5, because paramiko does not support it: https://github.com/paramiko/paramiko/issues/602 A similar change has been applied to sahara some time ago: https://review.opendev.org/605028 Story: 2003674 Task: 35983 Change-Id: I5683245c0a9373e299a647f7f61d3e6a2de284e6 --- releasenotes/notes/force-pem-ssh-keys-2cc9eb30a76c8dd1.yaml | 6 ++++++ sahara_tests/utils/crypto.py | 4 ++++ 2 files changed, 10 insertions(+) create mode 100644 releasenotes/notes/force-pem-ssh-keys-2cc9eb30a76c8dd1.yaml diff --git a/releasenotes/notes/force-pem-ssh-keys-2cc9eb30a76c8dd1.yaml b/releasenotes/notes/force-pem-ssh-keys-2cc9eb30a76c8dd1.yaml new file mode 100644 index 00000000..e305635a --- /dev/null +++ b/releasenotes/notes/force-pem-ssh-keys-2cc9eb30a76c8dd1.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Force the PEM format for the generated ssh keys, + because paramiko does not yet support the new one + (https://github.com/paramiko/paramiko/issues/602). diff --git a/sahara_tests/utils/crypto.py b/sahara_tests/utils/crypto.py index e5fc6ae1..878e63fd 100644 --- a/sahara_tests/utils/crypto.py +++ b/sahara_tests/utils/crypto.py @@ -35,10 +35,14 @@ def generate_key_pair(key_length=2048): """ with tempfiles.tempdir() as tmpdir: keyfile = os.path.join(tmpdir, 'tempkey') + # The key is generated in the old PEM format, instead of the native + # format of OpenSSH >=6.5, because paramiko does not support it: + # https://github.com/paramiko/paramiko/issues/602 args = [ 'ssh-keygen', '-q', # quiet '-N', '', # w/o passphrase + '-m', 'PEM', # old PEM format '-t', 'rsa', # create key of rsa type '-f', keyfile, # filename of the key file '-C', 'Generated-by-Sahara' # key comment