yahoo-eng-team team mailing list archive
Message #50746
[Bug 1483132] Re: ssh-keygen-to-Paramiko change breaks third-party tools
Reviewed: https://review.openstack.org/314639
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=6b1293fd6f5bcb35f317f36c540f543b1192928c
Submitter: Jenkins
Branch: master
commit 6b1293fd6f5bcb35f317f36c540f543b1192928c
Author: Sean Dague <sean@xxxxxxxxx>
Date: Tue May 10 11:39:11 2016 -0400

    Drop paramiko < 2 compat code

    This drops the paramiko < 2 compatibility code so we only need to
    support one major version.

    Depends-On: I2369638282b4fefccd8484a5039fcfa9795069a7
    (global requirements change)

    Change-Id: Ife4df9e64299e1182d77d568d1deed5ec3b608b3
    Closes-Bug: #1483132

** Changed in: nova
Status: In Progress => Fix Released

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1483132

Title:
ssh-keygen-to-Paramiko change breaks third-party tools

Status in OpenStack Compute (nova):
Fix Released

Bug description:

Changing ssh key generation from OpenSSH's ssh-keygen to the Paramiko
library [1][2] changed (unintentionally?) the ASN.1 encoding format of
SSH private keys from DER to BER. (DER is a strict subset of BER, so
anything that can read BER can read DER, but not necessarily the other
way around.)

Some third-party tools only support DER and this has created at least
one issue [3] (specifically because Go's standard library only
supports DER).

I have provided Paramiko with a small change that makes its SSH
private key output equal to OpenSSH's ssh-keygen output (and
presumably DER formatted) [4].

Providing a change to Paramiko is just one method of addressing this
backwards-incompatibility and interoperability issue. Should the
Paramiko change be accepted the unit test output vectors will need to
be changed, but should it not, is a reversion of or modification to
Nova acceptable to maintain backwards-compatibility and
interoperability?

[1] https://review.openstack.org/157931
[2] http://git.openstack.org/cgit/openstack/nova/commit/?id=3f3f9bf22efd2fb209d2a2fe0246f4857cd2d21a
[3] https://github.com/mitchellh/packer/issues/2526
[4] https://github.com/paramiko/paramiko/pull/572
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1483132/+subscriptions
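
The DER/BER distinction in the bug description, as an added example (not code from Nova, Paramiko or the bug report): a small definite-length ASN.1 reader whose strict mode enforces DER's shortest-length rule, so the same key-shaped structure is accepted by a BER reader and rejected by a DER-only one. The function names and both byte strings are constructed for illustration, and non-minimal length octets are used as one BER-only encoding; the report does not say which BER feature was involved.

```python
# Added example: names are hypothetical; the byte strings are constructed samples.
class EncodingError(ValueError):
    pass

def read_tlv(buf, off, strict):
    """Read one definite-length TLV at buf[off:]; return (tag, value, next_offset)."""
    if off + 2 > len(buf):
        raise EncodingError("truncated header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                      # short form: one octet holds the length
        length = first
    elif first == 0x80:                   # indefinite form: BER only, not handled here
        raise EncodingError("indefinite length not supported in this example")
    else:                                 # long form: the next n octets hold the length
        n = first & 0x7F
        raw = buf[off:off + n]
        if len(raw) != n:
            raise EncodingError("truncated length")
        length = int.from_bytes(raw, "big")
        off += n
        # DER allows long form only when short form cannot express the length,
        # and then with no leading zero octet; BER accepts either.
        if strict and (length < 0x80 or raw[0] == 0):
            raise EncodingError("length is not in its shortest form (BER, not DER)")
    value = buf[off:off + length]
    if len(value) != length:
        raise EncodingError("truncated value")
    return tag, value, off + length

def parse_int_sequence(blob, strict):
    """Parse SEQUENCE { INTEGER, ... }, the outer shape of a PKCS#1 RSA private key."""
    tag, body, end = read_tlv(blob, 0, strict)
    if tag != 0x30 or end != len(blob):
        raise EncodingError("expected exactly one SEQUENCE")
    values, off = [], 0
    while off < len(body):
        tag, content, off = read_tlv(body, off, strict)
        if tag != 0x02 or not content:
            raise EncodingError("expected a non-empty INTEGER")
        values.append(int.from_bytes(content, "big", signed=True))
    return values

# Constructed samples; both encode the integers [0, 65537].
DER_SAMPLE = bytes.fromhex("3008" "020100" "0203010001")
BER_SAMPLE = bytes.fromhex("30820009" "020100" "028103010001")  # long-form lengths
```

Calling `parse_int_sequence(BER_SAMPLE, strict=False)` returns the same integers as the DER sample, while `strict=True` raises `EncodingError` on the first long-form length.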