Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

T6013: Add support for configuring TrustedUserCAKeys for ssh service #4234

Merged
merged 3 commits into from
Dec 23, 2024
Merged

T6013: Add support for configuring TrustedUserCAKeys for ssh service #4234

merged 3 commits into from
Dec 23, 2024
+156 −28

Conversation

takehaya
Copy link
Contributor

@takehaya takehaya commented Dec 12, 2024
edited
Loading

Change Summary

This feature adds support for TrustedUserCAKeys, allowing SSH logins using signed CA certificates.
This PR does not include handling for AuthorizedPrincipalsFile. I plan to address it in a future PR.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

Related PR(s)

Component(s) name

Proposed changes

How to test

Smoketest result

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 12, 2024
edited
Loading

👍
No issues in PR Title / Commit Title

sarthurdev
sarthurdev requested changes Dec 12, 2024
View reviewed changes
interface-definitions/service_ssh.xml.in Outdated Show resolved Hide resolved
src/conf_mode/service_ssh.py Outdated Show resolved Hide resolved
src/conf_mode/service_ssh.py Outdated Show resolved Hide resolved
@takehaya takehaya force-pushed the T6013-trusted-ca-keys branch 3 times, most recently from b5cca42 to dc9ff0f Compare December 14, 2024 21:05
@github-actions GitHub Actions
Copy link

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@takehaya takehaya force-pushed the T6013-trusted-ca-keys branch from dc9ff0f to 4a0b7ed Compare December 14, 2024 21:07
@github-actions GitHub Actions
Copy link

Conflicts have been resolved. A maintainer will review the pull request shortly.

@takehaya takehaya requested a review from sarthurdev December 14, 2024 21:10
@takehaya takehaya marked this pull request as ready for review December 14, 2024 21:11
@takehaya takehaya force-pushed the T6013-trusted-ca-keys branch 2 times, most recently from a94fcc6 to c586461 Compare December 14, 2024 21:46
@takehaya takehaya mentioned this pull request Dec 14, 2024
Merged
1 task
@takehaya takehaya force-pushed the T6013-trusted-ca-keys branch 6 times, most recently from be86758 to 8bca67d Compare December 15, 2024 07:45
@takehaya takehaya force-pushed the T6013-trusted-ca-keys branch 3 times, most recently from f9fdaae to 040b197 Compare December 15, 2024 16:25
sarthurdev
sarthurdev requested changes Dec 20, 2024
View reviewed changes
Copy link
Member

@sarthurdev sarthurdev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for addressing the other requested changes, this looks great!

src/conf_mode/service_ssh.py Show resolved Hide resolved
@takehaya takehaya force-pushed the T6013-trusted-ca-keys branch 2 times, most recently from b8ef2d1 to 025641e Compare December 21, 2024 03:34
@takehaya takehaya requested a review from sarthurdev December 21, 2024 03:35
@takehaya takehaya force-pushed the T6013-trusted-ca-keys branch from 025641e to 8a9675b Compare December 21, 2024 04:25
@sarthurdev sarthurdev removed the rebase label Dec 21, 2024
sarthurdev
sarthurdev approved these changes Dec 21, 2024
View reviewed changes
Copy link
Member

@sarthurdev sarthurdev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me

@takehaya
Copy link
Contributor Author

ummm...It seems like the failure is occurring in a part that doesn’t seem relevant to this case...:(

DEBUG - ======================================================================
DEBUG - FAIL: test_isis_07_segment_routing_configuration (__main__.TestProtocolsISIS.test_isis_07_segment_routing_configuration)
DEBUG - ----------------------------------------------------------------------
DEBUG - Traceback (most recent call last):
DEBUG -   File "/usr/libexec/vyos/tests/smoke/cli/test_protocols_isis.py", line 287, in test_isis_07_segment_routing_configuration
DEBUG -     self.assertIn(f' net {net}', tmp)
DEBUG - AssertionError: ' net 49.0001.1921.6800.1002.00' not found in ''

@takehaya takehaya force-pushed the T6013-trusted-ca-keys branch 2 times, most recently from de1cda8 to f991956 Compare December 21, 2024 15:55
@takehaya
Copy link
Contributor Author

@sarthurdev san @sever-sever san
I see. It looks like you've included something that already fails tests in the current branch.
There's no problem with this branch, so can you merge it?
https://github.com/vyos/vyos-1x/actions/runs/12434579110/job/34719164480#step:5:1913

@takehaya takehaya force-pushed the T6013-trusted-ca-keys branch from f991956 to 8b560e7 Compare December 23, 2024 09:13
@github-actions GitHub Actions
Copy link

CI integration ❌ failed!

Details

CI logs

  • CLI Smoketests (no interfaces) ❌ failed
  • CLI Smoketests (interfaces only) ❌ failed
  • Config tests 👍 passed
  • RAID1 tests 👍 passed
  • TPM tests 👍 passed

@c-po c-po merged commit c9febcc into vyos:current Dec 23, 2024
12 of 14 checks passed
@takehaya takehaya mentioned this pull request Dec 28, 2024
Draft
12 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@c-po c-po c-po approved these changes

@sever-sever sever-sever sever-sever approved these changes

@sarthurdev sarthurdev sarthurdev approved these changes

@dmbaturin dmbaturin Awaiting requested review from dmbaturin dmbaturin is a code owner

@jestabro jestabro Awaiting requested review from jestabro jestabro is a code owner

@fett0 fett0 Awaiting requested review from fett0 fett0 is a code owner

@nicolas-fort nicolas-fort Awaiting requested review from nicolas-fort nicolas-fort is a code owner

@zdc zdc Awaiting requested review from zdc zdc is a code owner

Assignees

@takehaya takehaya

Labels
current
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@takehaya @sarthurdev @sever-sever @c-po