Force the format of ssh key to PEM, at least for now

Unfortunately it is not possible to switch to the new, more secure, native
format of OpenSSH >=6.5, because paramiko does not support it:
https://github.com/paramiko/paramiko/issues/602

A similar change has been applied to sahara some time ago:
https://review.opendev.org/605028

Story: 2003674
Task: 35983
Change-Id: I5683245c0a9373e299a647f7f61d3e6a2de284e6
Luigi Toscano 2019-07-29 10:11:28 +02:00
parent 994b21aacd
commit 9f57fcaa9f
2 changed files with 10 additions and 0 deletions

@ -0,0 +1,6 @@
---
fixes:
- |
Force the PEM format for the generated ssh keys,
because paramiko does not yet support the new one
(https://github.com/paramiko/paramiko/issues/602).
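Review bot: The `fixes` entry says "the new one" without naming the format it refers to, so the note is unclear when read on its own in the release notes. Spell it out the way the code comment in this change does ("the native format of OpenSSH >=6.5"), and say that PEM is forced as a workaround until the linked paramiko issue is resolved.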

@ -35,10 +35,14 @@ def generate_key_pair(key_length=2048):
"""
with tempfiles.tempdir() as tmpdir:
keyfile = os.path.join(tmpdir, 'tempkey')
# The key is generated in the old PEM format, instead of the native
# format of OpenSSH >=6.5, because paramiko does not support it:
# https://github.com/paramiko/paramiko/issues/602
args = [
'ssh-keygen',
'-q', # quiet
'-N', '', # w/o passphrase
'-m', 'PEM', # old PEM format
'-t', 'rsa', # create key of rsa type
'-f', keyfile, # filename of the key file
'-C', 'Generated-by-Sahara' # key comment
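Review bot: The comment block above `args` does not mark the workaround as temporary, although the commit title says "at least for now". Add a TODO that ties `'-m', 'PEM'` to paramiko issue 602 so the flag gets dropped once support lands. In the same comment, "does not support it" is ambiguous after two formats have been named; "does not support the latter" or repeating "the native format" would read unambiguously.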