-
Notifications
You must be signed in to change notification settings - Fork 359
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Allow master configuration for ssh key crypto system #10072
Merged
Merged
Changes from 16 commits
Commits
Show all changes
17 commits
Select commit
Hold shift + click to select a range
5cbd0d2
add algorithm
gt2345 2a05eb1
fix header and ED25519
gt2345 b46f97f
add release note
gt2345 ae88b02
remove passphrase when launching shell
gt2345 e444bc4
docs fmt
gt2345 5061abe
update docs
gt2345 1a169d4
update docs
gt2345 078d145
e2e
gt2345 305b16e
rename to key_type
gt2345 e32501d
remove intg tests
gt2345 3c6475f
fmt docs
gt2345 76227ad
unit test
gt2345 6442f9a
change default to ED25519
gt2345 6d53f1a
nolint:dogsled
gt2345 c97313e
update name and docs
gt2345 bf78880
comments
gt2345 1690bb7
fmt
gt2345 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
:orphan: | ||
|
||
**Improvements** | ||
|
||
- Master Configuration: Add support for crypto system configuration for ssh connection. | ||
``security.key_type`` now accepts ``RSA``, ``ECDSA`` or ``ED25519``. Default key type is changed | ||
from ``1024-bit RSA`` to ``ED25519``, since ``ED25519`` keys are faster and more secure than the | ||
old default, and ``ED25519`` is also the default key type for ``ssh-keygen``. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
package ssh | ||
|
||
import ( | ||
"testing" | ||
|
||
"golang.org/x/crypto/ssh" | ||
"gotest.tools/assert" | ||
|
||
"github.com/determined-ai/determined/master/internal/config" | ||
) | ||
|
||
func verifyKeys(t *testing.T, keys PrivateAndPublicKeys) { | ||
privateKey, err := ssh.ParsePrivateKey(keys.PrivateKey) | ||
assert.NilError(t, err) | ||
|
||
publickKey, _, _, _, err := ssh.ParseAuthorizedKey(keys.PublicKey) //nolint:dogsled | ||
assert.NilError(t, err) | ||
assert.Equal(t, string(publickKey.Marshal()), string(privateKey.PublicKey().Marshal())) | ||
} | ||
|
||
func TestSSHKeyGenerate(t *testing.T) { | ||
t.Run("generate RSA key", func(t *testing.T) { | ||
keys, err := GenerateKey(config.SSHConfig{KeyType: config.KeyTypeRSA, RsaKeySize: 512}) | ||
assert.NilError(t, err) | ||
verifyKeys(t, keys) | ||
}) | ||
|
||
t.Run("generate ECDSA key", func(t *testing.T) { | ||
keys, err := GenerateKey(config.SSHConfig{KeyType: config.KeyTypeECDSA}) | ||
assert.NilError(t, err) | ||
verifyKeys(t, keys) | ||
}) | ||
|
||
t.Run("generate ED25519 key", func(t *testing.T) { | ||
keys, err := GenerateKey(config.SSHConfig{KeyType: config.KeyTypeED25519}) | ||
assert.NilError(t, err) | ||
verifyKeys(t, keys) | ||
}) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just as a note: I don't think there were any requests to make the curve size configurable, and P256 is the NIST recommendation, so this is fine. But one day we may have to update it or make configurable.