Inject RSA ssh key #71
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
germag
force-pushed
the
Add-rsa-ssh-key
branch
from
ae3b283 to
146ffcd
Compare
The --no-creds breaks the ssh command. Ssh will unconditionally use the ssh key path from the VM json config, passing --no-creds sets the path to "". Since we don't have any open issue about it, let's remove this option until someone ask for it. Signed-off-by: German Maglione <gmaglione@redhat.com>
For simplicity, we were using the ssh key from podman-machine, but it has the inconvenience that this key is ed25519 and does not work in FIPS mode. Let's generate and inject an RSA ssh key that it's FIPS approved. Signed-off-by: German Maglione <gmaglione@redhat.com>
germag
force-pushed
the
Add-rsa-ssh-key
branch
from
146ffcd to
8fe62b6
Compare
matusmarhefka
approved these changes
Nov 5, 2024
matusmarhefka
left a comment
matusmarhefka
left a comment
There was a problem hiding this comment.
Thanks, I tested it with FIPS mode and it works!
cgwalters
approved these changes
Nov 5, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
For simplicity, we were using the ssh key from podman-machine, but it has the inconvenience that this key is ed25519 and does not work in FIPS mode.
Let's generate and inject an RSA ssh key that it's FIPS approved.
This PR also removes
--no-credsbecause it was broken, making therunandsshcommand to fail. Since no-one complained we can safely remove it to avoid confuse the user. We can bring it back if someone ask for that functionality in the future.Fixes #68