CIT: Support SSH connections to hosts that block SHA1 #442

Merged (1 commit) on Apr 17, 2022

@EricEdens EricEdens commented Apr 15, 2022

The SSH tests in CIT use Go to establish SSH connections:

func CreateClient(user, host string, pembytes []byte) (*ssh.Client, error) {

While running CIT against Ubuntu 22.04, I observed that the SSH tests were failing:

	<testsuite name="ssh-daily-ubuntu-2204-jammy-v20220415" tests="5" failures="2" errors="0" disabled="0" skipped="0" time="0">
		<testcase classname="ssh-daily-ubuntu-2204-jammy-v20220415" name="TestMatchingKeysInGuestAttributes" time="0.02"></testcase>
		<testcase classname="ssh-daily-ubuntu-2204-jammy-v20220415" name="TestHostKeysAreUnique" time="60.2">
			<failure type="">    host_key_test.go:59: connect to remote host at 1650057165249076651&#xA;    host_key_test.go:62: user test-user failed ssh to target host, vm2-ssh-3jtbh, err ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain</failure>
		</testcase>
		<testcase classname="ssh-daily-ubuntu-2204-jammy-v20220415" name="TestSSHInstanceKey" time="60.14">
			<failure type="">    image_ssh_test.go:33: connect to remote host at 1650057225390562509&#xA;    image_ssh_test.go:36: user test-user failed ssh to target host, vm2-ssh-3jtbh, err ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain</failure>
		</testcase>
		<testcase classname="ssh-daily-ubuntu-2204-jammy-v20220415" name="TestEmptyTest" time="0"></testcase>
		<testcase classname="ssh-daily-ubuntu-2204-jammy-v20220415" name="TestHostKeysNotOverrideAfterAgentRestart" time="0.12"></testcase>
	</testsuite>

This occurred since Ubuntu 22.04 updated to an OpenSSH version that blocks connections that use SHA-1: https://www.openssh.com/releasenotes.html

This PR updates the golang.org/x/crypto dependency, which brings in their PR to support SHA-2 keys: golang/go#37278

It also does the following:

  • Creates a go.mod file in the imagetest directory
  • Updates the container build configurations to build relative to this directory
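
Added example, not code from this PR or from golang.org/x/crypto: a standard-library Go model of why one RSA key is refused by a server that accepts only SHA-2 signature algorithms and is accepted once the client also offers `rsa-sha2-512`. The function names, the accepted-algorithm set, `demoKey` and the signed payload are constructed for illustration; real SSH algorithm negotiation is not modeled.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1" // blank imports register the hash implementations
	_ "crypto/sha256"
	_ "crypto/sha512"
	"errors"
	"fmt"
)

// One RSA key, three SSH signature algorithm names (RFC 4253 and RFC 8332).
var hashFor = map[string]crypto.Hash{"ssh-rsa": crypto.SHA1, "rsa-sha2-256": crypto.SHA256, "rsa-sha2-512": crypto.SHA512}

var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // throwaway key, generated at start-up

func digest(h crypto.Hash, data []byte) []byte {
	w := h.New()
	w.Write(data)
	return w.Sum(nil)
}

// serverAccepts models server policy: the algorithm must be on the accepted list
// and the signature must verify under the hash that the algorithm name implies.
func serverAccepts(pub *rsa.PublicKey, accepted map[string]bool, algo string, data, sig []byte) bool {
	h, known := hashFor[algo]
	return known && accepted[algo] && rsa.VerifyPKCS1v15(pub, h, digest(h, data), sig) == nil
}

// tryAuth signs with each client algorithm in order; the first accepted one wins.
func tryAuth(key *rsa.PrivateKey, clientAlgos []string, accepted map[string]bool) (string, error) {
	data := []byte("constructed stand-in for the signed auth request")
	for _, algo := range clientAlgos {
		if h, ok := hashFor[algo]; ok {
			sig, err := rsa.SignPKCS1v15(rand.Reader, key, h, digest(h, data))
			if err == nil && serverAccepts(&key.PublicKey, accepted, algo, data, sig) {
				return algo, nil
			}
		}
	}
	return "", errors.New("no supported methods remain")
}

func main() {
	sha2Only := map[string]bool{"rsa-sha2-256": true, "rsa-sha2-512": true} // ssh-rsa disabled
	fmt.Println(tryAuth(demoKey, []string{"ssh-rsa"}, sha2Only))                 // old client: refused
	fmt.Println(tryAuth(demoKey, []string{"rsa-sha2-512", "ssh-rsa"}, sha2Only)) // updated client
}
```

The key is identical in both calls; only the hash used for the signature changes, which is why the fix is a client library update and not a key rotation.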

hopkiw commented Apr 15, 2022

/hold

so the main issue here is we need to confirm changing the shared go.mod doesn't break any of the containers, and if it does, we'll have to create per-project go modules either for the old or the new

EricEdens commented Apr 16, 2022

> so the main issue here is we need to confirm changing the shared go.mod doesn't break any of the containers, and if it does, we'll have to create per-project go modules either for the old or the new

@hopkiw

This PR creates a new go.mod and leaves the old one unchanged. :)

@google-oss-prow

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: EricEdens, hopkiw

hopkiw commented Apr 17, 2022

/unhold

@google-oss-prow google-oss-prow bot merged commit 9234697 into GoogleCloudPlatform:master Apr 17, 2022
patelne added a commit to patelne/guest-test-infra that referenced this pull request Apr 29, 2022
The container build configurations were changed in GoogleCloudPlatform#442. These instructions need to be updated to handle this.
google-oss-prow bot pushed a commit that referenced this pull request Apr 29, 2022
The container build configurations were changed in #442. These instructions need to be updated to handle this.
google-oss-prow bot pushed a commit that referenced this pull request May 9, 2022
* Update container build instructions

The container build configurations were changed in #442. These instructions need to be updated to handle this.

* Remove gcs-key.credential for partner-image-export

Co-authored-by: Neil Patel <[email protected]>
google-oss-prow bot pushed a commit that referenced this pull request May 9, 2022
* Update container build instructions

The container build configurations were changed in #442. These instructions need to be updated to handle this.

* Remove 81 and add 93,97 COS images

Co-authored-by: Neil Patel <[email protected]>