Add recognition of 3 ecdsa-sha2-nistp* ssh key types

This makes disabling root logins work for newly-approved types of keys.

https://bugzilla.redhat.com/show_bug.cgi?id=1151824
Garrett Holmstrom 2015-02-19 16:02:21 -08:00
parent 22dbc1a7cc
commit 0a23a4d1f9
2 changed files with 17 additions and 0 deletions


@ -0,0 +1,12 @@
Index: cloud-init-0.7.6/cloudinit/ssh_util.py
===================================================================
--- cloud-init-0.7.6.orig/cloudinit/ssh_util.py
+++ cloud-init-0.7.6/cloudinit/ssh_util.py
@@ -32,6 +32,7 @@ DEF_SSHD_CFG = "/etc/ssh/sshd_config"
# taken from openssh source key.c/key_type_from_name
VALID_KEY_TYPES = ("rsa", "dsa", "ssh-rsa", "ssh-dss", "ecdsa",
+ "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
"ssh-rsa-cert-v00@openssh.com", "ssh-dss-cert-v00@openssh.com",
"ssh-rsa-cert-v00@openssh.com", "ssh-dss-cert-v00@openssh.com",
"ssh-rsa-cert-v01@openssh.com", "ssh-dss-cert-v01@openssh.com",

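Review bot: VALID_KEY_TYPES stays a hand-copied allowlist (the comment above it cites openssh key.c/key_type_from_name), and per the commit message a key type missing from it is one for which disabling root logins does not work, so the line adding "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384" and "ecdsa-sha2-nistp521" should come with a unit test that exercises each of the three names and checks that it is recognised. The context lines also show the "ssh-rsa-cert-v00@openssh.com", "ssh-dss-cert-v00@openssh.com" row twice; that is harmless for a membership check but worth dropping upstream while this tuple is being touched.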

@ -28,6 +28,10 @@ Patch1: cloud-init-0.7.5-rsyslog-programname.patch
# Systemd 213 removed the --quiet option from ``udevadm settle''
Patch2: cloud-init-0.7.5-udevadm-quiet.patch
# Add 3 ecdsa-sha2-nistp* ssh key types now that they are standardized
# https://bugzilla.redhat.com/show_bug.cgi?id=1151824
Patch3: cloud-init-0.7.6-ecdsa.patch
# Deal with noarch -> arch
# https://bugzilla.redhat.com/show_bug.cgi?id=1067089
Obsoletes: cloud-init < 0.7.5-3
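Review bot: Patch3 is declared here, but neither hunk shown for this spec file adds a matching application step, so confirm that the %prep section applies every declared patch automatically. If patches are applied one by one there, cloud-init-0.7.6-ecdsa.patch would be carried in the source package without being applied, and the built package would still not recognise the three key types.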
@ -157,6 +161,7 @@ fi
* Thu Feb 19 2015 Garrett Holmstrom <gholms@fedoraproject.org> - 0.7.6-3
- Stopped depending on git to build
- Stopped implicitly listing doc files twice
- Added recognition of 3 ecdsa-sha2-nistp* ssh key types [RH:1151824]
* Fri Nov 14 2014 Colin Walters <walters@redhat.com> - 0.7.6-2
- New upstream version [RH:974327]
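Review bot: the new changelog line is added under the existing 0.7.6-3 entry and no hunk shown changes the Release tag, which is fine only if 0.7.6-3 has not been built and published yet. If it has, this fix needs its own release bump and changelog entry so that systems already on 0.7.6-3 receive the update.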