yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1102501] Re: EncryptionFailure: Failed to encrypt text: ssh-keygen: illegal option -- m

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 21 Feb 2013 08:53:25 -0000
Reply-to: Bug 1102501 <1102501@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
** Changed in: nova
       Status: Fix Committed => Fix Released

** Changed in: nova
    Milestone: None => grizzly-3

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1102501

Title:
  EncryptionFailure: Failed to encrypt text: ssh-keygen: illegal option
  -- m

Status in OpenStack Compute (Nova):
  Fix Released

Bug description:
  A recent change (daa5db3f4e990185522f38d1011cfe37141298fe) requires a
  recently added feature of ssh-keygen to operate. If running a slightly
  older version, tests fail with this traceback:

  ======================================================================
  ERROR: nova.tests.test_crypto.EncryptionTests.test_ssh_encrypt_decrypt_text
  tags: worker-1
  ----------------------------------------------------------------------
  Empty attachments:
    pythonlogging:'nova'
    stderr
    stdout

  Traceback (most recent call last):
    File "/var/lib/jenkins/workspace/nova-virtualenv-debian6/nova/nova/tests/test_crypto.py", line 207, in test_ssh_encrypt_decrypt_text
      enc = crypto.ssh_encrypt_text(self.pubkey, self.text)
    File "/var/lib/jenkins/workspace/nova-virtualenv-debian6/nova/nova/crypto.py", line 211, in ssh_encrypt_text
      raise exception.EncryptionFailure(reason=exc.stderr)
  EncryptionFailure: Failed to encrypt text: ssh-keygen: illegal option -- m
  usage: ssh-keygen [options]
  Options:
    -a trials   Number of trials for screening DH-GEX moduli.
    -B          Show bubblebabble digest of key file.
    -b bits     Number of bits in the key to create.
    -C comment  Provide new comment.
    -c          Change comment in private and public key files.
    -D pkcs11   Download public key from pkcs11 token.
    -e          Convert OpenSSH to RFC 4716 key file.
    -F hostname Find hostname in known hosts file.
    -f filename Filename of the key file.
    -G file     Generate candidates for DH-GEX moduli.
    -g          Use generic DNS resource record format.
    -H          Hash names in known_hosts file.
    -h          Generate host certificate instead of a user certificate.
    -I key_id   Key identifier to include in certificate.
    -i          Convert RFC 4716 to OpenSSH key file.
    -L          Print the contents of a certificate.
    -l          Show fingerprint of key file.
    -M memory   Amount of memory (MB) to use for generating DH-GEX moduli.
    -n name,... User/host principal names to include in certificate
    -N phrase   Provide new passphrase.
    -O cnstr    Specify a certificate constraint.
    -P phrase   Provide old passphrase.
    -p          Change passphrase of private key file.
    -q          Quiet.
    -R hostname Remove host from known_hosts file.
    -r hostname Print DNS resource record.
    -s ca_key   Certify keys with CA key.
    -S start    Start point (hex) for generating DH-GEX moduli.
    -T file     Screen candidates for DH-GEX moduli.
    -t type     Specify type of key to create.
    -V from:to  Specify certificate validity interval.
    -v          Verbose.
    -W gen      Generator to use for generating DH-GEX moduli.
    -y          Read private key file and print public key.

  This is using OpenSSH 5.5p1 (found in Debian Squeeze). RHEL/CentOS 6
  still uses OpenSSH 5.3p1 which also does not have the -m option.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1102501/+subscriptions