From 0a23a4d1f955350568991e7ee7a65156f1aab1c7 Mon Sep 17 00:00:00 2001
From: Garrett Holmstrom
Date: Thu, 19 Feb 2015 16:02:21 -0800
Subject: [PATCH] Add recognition of 3 ecdsa-sha2-nistp* ssh key types

This makes disabling root logins work for newly-approved types of keys. https://bugzilla.redhat.com/show_bug.cgi?id=1151824
---
 cloud-init-0.7.6-ecdsa.patch | 12 ++++++++++++
 cloud-init.spec | 5 +++++
 2 files changed, 17 insertions(+)
 create mode 100644 cloud-init-0.7.6-ecdsa.patch
diff --git a/cloud-init-0.7.6-ecdsa.patch b/cloud-init-0.7.6-ecdsa.patch
new file mode 100644
index 0000000..cc2e2c7
--- /dev/null
+++ b/cloud-init-0.7.6-ecdsa.patch
@@ -0,0 +1,12 @@
+Index: cloud-init-0.7.6/cloudinit/ssh_util.py
+===================================================================
+--- cloud-init-0.7.6.orig/cloudinit/ssh_util.py
++++ cloud-init-0.7.6/cloudinit/ssh_util.py
+@@ -32,6 +32,7 @@ DEF_SSHD_CFG = "/etc/ssh/sshd_config"
+
+ # taken from openssh source key.c/key_type_from_name
+ VALID_KEY_TYPES = ("rsa", "dsa", "ssh-rsa", "ssh-dss", "ecdsa",
++ "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
+ "ssh-rsa-cert-v00@openssh.com", "ssh-dss-cert-v00@openssh.com",
+ "ssh-rsa-cert-v00@openssh.com", "ssh-dss-cert-v00@openssh.com",
+ "ssh-rsa-cert-v01@openssh.com", "ssh-dss-cert-v01@openssh.com",
diff --git a/cloud-init.spec b/cloud-init.spec
index 3350c3d..1883267 100644
--- a/cloud-init.spec
+++ b/cloud-init.spec
@@ -28,6 +28,10 @@ Patch1: cloud-init-0.7.5-rsyslog-programname.patch
 # Systemd 213 removed the --quiet option from ``udevadm settle''
 Patch2: cloud-init-0.7.5-udevadm-quiet.patch
 
+# Add 3 ecdsa-sha2-nistp* ssh key types now that they are standardized
+# https://bugzilla.redhat.com/show_bug.cgi?id=1151824
+Patch3: cloud-init-0.7.6-ecdsa.patch
+
 # Deal with noarch -> arch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1067089
 Obsoletes: cloud-init < 0.7.5-3
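Review bot: The line added to VALID_KEY_TYPES lists the three plain ECDSA names but not `ssh-ed25519`, which OpenSSH also accepts, so the gap the commit message describes would presumably remain for root keys of that type. The code that consumes this tuple is outside the hunk; if it treats an unlisted type as unparseable, the disable-root options are not applied to such a key and the control fails open. Consider extending the new line with `"ssh-ed25519", "ssh-ed25519-cert-v01@openssh.com",` and adding a comment above the tuple such as `# keep in sync with OpenSSH; key types missing here are not recognised when disabling root login`. The tuple continues past the end of the hunk, so the ECDSA certificate names may already be listed further down and should be checked rather than assumed.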
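Review bot: Patch3 is declared in this hunk, but no line in the commit applies it: the diffstat counts five insertions in cloud-init.spec, and they are the four lines here plus the changelog entry. If %prep (outside the diff) applies patches one by one rather than through `%autosetup`, it needs `%patch3 -p1`; otherwise the package builds without the ssh_util.py change while the changelog states that the key types are recognised. A check in %prep or %check, for example a grep for `ecdsa-sha2-nistp256` in cloudinit/ssh_util.py, would catch a silently unapplied patch.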
@@ -157,6 +161,7 @@ fi
 * Thu Feb 19 2015 Garrett Holmstrom - 0.7.6-3
 - Stopped depending on git to build
 - Stopped implicitly listing doc files twice
+- Added recognition of 3 ecdsa-sha2-nistp* ssh key types [RH:1151824]
 
 * Fri Nov 14 2014 Colin Walters - 0.7.6-2
 - New upstream version [RH:974327]