Make ssh key type configurable #14

Open
wants to merge 3 commits into
base: master
@alxwr alxwr commented Feb 10, 2024

PR progress checklist (to be filled in by reviewers)

  • Changes to documentation are appropriate (or tick if not required)
  • Changes to tests are appropriate (or tick if not required)
  • Reviews completed

What type of PR is this?

Primary type

  • [build] Changes related to the build system
  • [chore] Changes to the build process or auxiliary tools and libraries such as documentation generation
  • [ci] Changes to the continuous integration configuration
  • [feat] A new feature
  • [fix] A bug fix
  • [perf] A code change that improves performance
  • [refactor] A code change that neither fixes a bug nor adds a feature
  • [revert] A change used to revert a previous commit
  • [style] Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.)

Secondary type

  • [docs] Documentation changes
  • [test] Adding missing or correcting existing tests

Does this PR introduce a BREAKING CHANGE?

No. Once generated, the admin's SSH key stays untouched.

Related issues and/or pull requests

none

Describe the changes you're proposing

ssh-rsa is getting phased out. This MR uses ssh-ed25519 as the new standard.

https://security.stackexchange.com/questions/226131/openssh-declares-ssh-rsa-deprecated-what-do-i-do-next

Pillar / config required to test the proposed changes

---
gitolite:
  ssh_admin_pubkey_type: 'ed25519'

Debug log showing how the proposed changes work

myhost:
----------
          ID: generate_git_admin_key
    Function: cmd.run
        Name: ssh-keygen -t ed25519 -N '' -f /home/git-admin/.ssh/id_ed25519
      Result: True
     Comment: Command "ssh-keygen -t ed25519 -N '' -f /home/git-admin/.ssh/id_ed25519" run
     Started: 13:34:58.844644
    Duration: 906.05 ms
     Changes:   
              ----------
              pid:
                  37388
              retcode:
                  0
              stderr:
              stdout:
                  Generating public/private ed25519 key pair.
                  Your identification has been saved in /home/git-admin/.ssh/id_ed25519
                  Your public key has been saved in /home/git-admin/.ssh/id_ed25519.pub
                  The key fingerprint is:
                  [...]
----------
          ID: /home/git/gitolite-admin.pub
    Function: file.copy
      Result: True
     Comment: Copied "/home/git-admin/.ssh/id_ed25519.pub" to "/home/git/gitolite-admin.pub"
     Started: 13:34:59.751475
    Duration: 5.507 ms
     Changes:   
              ----------
              /home/git/gitolite-admin.pub:
                  /home/git-admin/.ssh/id_ed25519.pub
              user:
                  git
----------
          ID: setup_gitolite_git
    Function: cmd.run
        Name: /home/git/gitolite/src/gitolite setup -pk /home/git/gitolite-admin.pub
      Result: True
     Comment: Command "/home/git/gitolite/src/gitolite setup -pk /home/git/gitolite-admin.pub" run
     Started: 13:34:59.789546
    Duration: 1570.74 ms
     Changes:   
              ----------
              pid:
                  37400
              retcode:
                  0
              stderr:
              stdout:
----------
          ID: clone_admin_repo_git
    Function: git.latest
        Name: git@myhost:gitolite-admin.git
      Result: True
     Comment: git@myhost:gitolite-admin.git was fetched, resulting in updated refs. Repository was fast-forwarded to origin/master (228402b).
     Started: 13:35:01.361495
    Duration: 1991.768 ms
     Changes:   
              ----------
              revision:
                  ----------
                  new:
                      [...]
                  old:
                      [...]

Summary for myhost
-------------
Succeeded: 25 (changed=4)
Failed:     0
-------------
Total states run:     25
Total run time:    6.571 s

Documentation checklist

  • Updated the README (e.g. Available states).
  • Updated pillar.example.

Testing checklist

  • Included in Kitchen (i.e. under state_top).
  • Covered by new/existing tests (e.g. InSpec, Serverspec, etc.).
  • Updated the relevant test pillar.

Additional context

@alxwr alxwr self-assigned this Feb 10, 2024
@alxwr alxwr requested a review from aboe76 February 10, 2024 12:47
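
One way to confirm that the public key handed to `gitolite setup -pk` really is of the type set in `ssh_admin_pubkey_type`, added here as an example and not part of this PR or the formula. The function names and the sample key lines are assumptions constructed for the illustration, and only the `ed25519` and `rsa` values are mapped.

```python
import base64
import struct

# ssh-keygen -t value (the pillar setting) -> algorithm name in the .pub file
KEYGEN_TYPE_TO_ALGO = {"ed25519": "ssh-ed25519", "rsa": "ssh-rsa"}


def _read_string(buf, offset):
    """Read one length-prefixed string (uint32 big-endian + bytes)."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[offset + 4:end], end


def check_pubkey(line, expected_type):
    """Return (ok, reason) for one OpenSSH public key line."""
    expected_algo = KEYGEN_TYPE_TO_ALGO.get(expected_type)
    fields = line.split()
    if expected_algo is None or len(fields) < 2:
        return False, "unsupported type or not a public key line"
    declared = fields[0]
    try:
        blob = base64.b64decode(fields[1], validate=True)
        inner, pos = _read_string(blob, 0)
        if inner.decode("ascii", "replace") != declared:
            return False, "declared type does not match key blob"
        if declared != expected_algo:
            return False, f"key is {declared}, expected {expected_algo}"
        if declared == "ssh-ed25519":
            key, pos = _read_string(blob, pos)
            if len(key) != 32 or pos != len(blob):
                return False, "bad ed25519 key length"
    except ValueError as exc:  # includes base64 decoding errors
        return False, f"malformed key blob: {exc}"
    return True, "ok"


def make_sample_line(algo, *parts):
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (algo.encode(), *parts))
    return f"{algo} {base64.b64encode(blob).decode()} git-admin@myhost"


# Constructed sample key lines (correct layout, not usable keys).
SAMPLE_ED25519 = make_sample_line("ssh-ed25519", bytes(range(32)))
SAMPLE_RSA = make_sample_line("ssh-rsa", b"\x01\x00\x01", bytes(range(1, 130)))
```

Because the PR leaves an already generated admin key untouched, a host that was set up before the change would still report `ssh-rsa` here even with the pillar set to `ed25519`.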