Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refine public key usage when remote #8676

Merged
merged 1 commit into from
Dec 12, 2020
Merged

Refine public key usage when remote #8676

merged 1 commit into from
Dec 12, 2020

Conversation

jwhonce
Copy link
Member

@jwhonce jwhonce commented Dec 9, 2020
edited
Loading

  • Move all public key handling into one AuthMethod
  • Cache server connection when tunneling, saves one RoundTrip on ssh
    handshake
  • --log-level=debug now prints the fingerprints of all keys that will be presented to the server

Signed-off-by: Jhon Honce [email protected]

@jwhonce jwhonce added the kind/bug Categorizes issue or PR as related to a bug. label Dec 9, 2020
@jwhonce jwhonce requested a review from ashley-cui December 9, 2020 23:37
@jwhonce jwhonce self-assigned this Dec 9, 2020
@openshift-ci-robot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jwhonce

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 9, 2020
@jwhonce jwhonce marked this pull request as draft December 9, 2020 23:37
@openshift-ci-robot openshift-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Dec 9, 2020
@jwhonce
Copy link
Member Author

jwhonce commented Dec 9, 2020
edited
Loading

@ashley-cui Do you want to see how this works for you? I still have the issue where sshd allows the ssh command to use RSA keys but denies the golang agent. Tweaking the connection creation should help with the login prompting.

@jwhonce
Refine public key usage when remote
7dd1da3 
* Move all public key handling into one AuthMethod. Prioritize ssh-agent
  keys over identity files.
* Cache server connection when tunneling, saves one RoundTrip on ssh
  handshake

Signed-off-by: Jhon Honce <[email protected]>
@jwhonce jwhonce mentioned this pull request Dec 10, 2020
Closed
@jwhonce jwhonce marked this pull request as ready for review December 10, 2020 23:08
@openshift-ci-robot openshift-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Dec 10, 2020
@jwhonce jwhonce requested a review from baude December 10, 2020 23:08
@rhatdan
Copy link
Member

rhatdan commented Dec 11, 2020

@containers/podman-maintainers PTAL
@ashley-cui PTAL

@ashley-cui
Copy link
Member

ashley-cui commented Dec 11, 2020
edited
Loading

I'm still running into the the key passphrase prompt when there is an identity file containers.conf. It looks like its going through the dedup though

DEBU[0002] SSH Ident Key "/Users/ashley/.ssh/pdmnpass" SHA256:XSN/741107mJBUr1OLiUEGZTBlB2pMdGceTgwITDlvU ssh-ed25519 
DEBU[0002] Found SSH_AUTH_SOCK "/private/tmp/com.apple.launchd.boLD2kVfAw/Listeners", ssh-agent signer(s) enabled 
DEBU[0002] SSH Agent Key SHA256:XSN/741107mJBUr1OLiUEGZTBlB2pMdGceTgwITDlvU ssh-ed25519 
DEBU[0002] Dedup SSH Key SHA256:XSN/741107mJBUr1OLiUEGZTBlB2pMdGceTgwITDlvU ssh-ed25519

@jwhonce
Copy link
Member Author

jwhonce commented Dec 11, 2020

@ashley-cui Understood. If you provide that identity file, I need the passphrase to read it before I can dedup the list of keys to throw it away... hen vs egg issue

@ashley-cui
Copy link
Member

merging as-is to clean up some use cases, knowing RSA and the public key with identity file issues exist
LGTM

@ashley-cui
Copy link
Member

@containers/podman-maintainers PTAL

@TomSweeneyRedHat
Copy link
Member

LGTM

ashley-cui
ashley-cui reviewed Dec 12, 2020
View reviewed changes
Copy link
Member

@ashley-cui ashley-cui left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Dec 12, 2020
@openshift-merge-robot openshift-merge-robot merged commit 1d50245 into containers:master Dec 12, 2020
@edsantiago edsantiago mentioned this pull request Dec 14, 2020
Closed
@jwhonce jwhonce deleted the issues/7806 branch June 30, 2021 16:10
@jschwartz-cray jschwartz-cray mentioned this pull request Nov 12, 2021
Closed
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 23, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 23, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ashley-cui ashley-cui ashley-cui left review comments

@baude baude Awaiting requested review from baude

Assignees

@jwhonce jwhonce

@ashley-cui ashley-cui

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/bug Categorizes issue or PR as related to a bug. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@jwhonce @openshift-ci-robot @rhatdan @ashley-cui @TomSweeneyRedHat @openshift-merge-robot