Skip to content

Support Hardware Security Keys by updating openssh-keys #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Nov 16, 2022
Merged

Support Hardware Security Keys by updating openssh-keys #7

merged 4 commits into from
Nov 16, 2022

Conversation

pothos
Copy link
Member

@pothos pothos commented Nov 15, 2022
edited
Loading

  • Support Hardware Security Keys by updating openssh-keys

    This pulls in a newer version of the openssh-keys crate that supports
    hardware security keys. A test case is added, too.

  • Address compilation warnings

    The dead code warning for the "lock" is ignored and the depecration
    warning for unnecessary "format!" is solved.

  • Cargo.lock: Update dependencies

    This is the result of "cargo update".

How to use

Use it from coreos-overlay to fix flatcar/Flatcar#691

Testing done

Local cargo test

Tested with Flatcar Stable by copying binary over (RUSTFLAGS='-C target-feature=+crt-static' cargo build --target x86_64-unknown-linux-gnu and scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -P 2222 target/x86_64-unknown-linux-gnu/debug/update-ssh-keys core@127.0.0.1:):

$ cat .ssh/authorized_keys.d/test 
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEX/dQ0v4127bEo8eeG1EV0ApO2lWbSnN6RWusn/NjqIAAAABHNzaDo= demos@siril
$ ./update-ssh-keys # just update-ssh-keys fails in comparison
$ grep demos .ssh/authorized_keys
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEX/dQ0v4127bEo8eeG1EV0ApO2lWbSnN6RWusn/NjqIAAAABHNzaDo= demos@siril

Testing with kola: flatcar-archive/coreos-overlay#2289

@pothos
Cargo.lock: Update dependencies
6923f2a 
This is the result of "cargo update".
@pothos
Address compilation warnings
1292eeb 
The dead code warning for the "lock" is ignored and the depecration
warning for unnecessary "format!" is solved.
@pothos
Support Hardware Security Keys by updating openssh-keys
f0d1b0c 
This pulls in a newer version of the openssh-keys crate that supports
hardware security keys. A test case is added, too.
@pothos
Update "users" dependency
7cb7869
@pothos pothos mentioned this pull request Nov 15, 2022
Closed
@pothos pothos requested a review from a team November 15, 2022 16:31
@pothos pothos marked this pull request as ready for review November 15, 2022 16:31
@pothos pothos mentioned this pull request Nov 15, 2022
Merged
2 tasks
pothos added a commit to flatcar-archive/coreos-overlay that referenced this pull request Nov 15, 2022
@pothos
WIP: Support Hardware Security Keys in update-ssh-keys
d3a3893 
This pulls in
flatcar/update-ssh-keys#7
to support Hardware Security Keys in update-ssh-keys.
pothos added a commit to flatcar-archive/coreos-overlay that referenced this pull request Nov 15, 2022
@pothos
WIP: Support Hardware Security Keys in update-ssh-keys
27e5229 
This pulls in
flatcar/update-ssh-keys#7
to support Hardware Security Keys in update-ssh-keys.
pothos added a commit to flatcar-archive/coreos-overlay that referenced this pull request Nov 16, 2022
@pothos
Support Hardware Security Keys in update-ssh-keys
ba868e9 
This pulls in
flatcar/update-ssh-keys#7
to support Hardware Security Keys in update-ssh-keys.
Until we have a new crates.io release of openssh-keys with
coreos/openssh-keys#68 we need to host it on
Origin or find a way to make the eclass more flexible.
pothos added a commit to flatcar-archive/coreos-overlay that referenced this pull request Nov 16, 2022
@pothos
Support Hardware Security Keys in update-ssh-keys
2313fec 
This pulls in
flatcar/update-ssh-keys#7
to support Hardware Security Keys in update-ssh-keys.
Until we have a new crates.io release of openssh-keys with
coreos/openssh-keys#68 we need to host it on
Origin or find a way to make the eclass more flexible. Here it was
hosted on Origin (from "cargo package").
@pothos pothos merged commit fd2490e into flatcar-master Nov 16, 2022
@pothos pothos deleted the kai/hardware-keys branch November 16, 2022 10:47
pothos added a commit to flatcar-archive/coreos-overlay that referenced this pull request Nov 16, 2022
@pothos
Support Hardware Security Keys in update-ssh-keys
d65e76a 
This pulls in
flatcar/update-ssh-keys#7
to support Hardware Security Keys in update-ssh-keys.
Until we have a new crates.io release of openssh-keys with
coreos/openssh-keys#68 we need to host it on
Origin or find a way to make the eclass more flexible. Here it was
hosted on Origin (from "cargo package") and the Cargo.toml/lock patched
on build to think it would come from crates.io because the Gentoo
eclass only supports that location.
@pothos pothos mentioned this pull request Nov 16, 2022
Closed
t-lo pushed a commit to flatcar/scripts that referenced this pull request Apr 17, 2023
@pothos
Support Hardware Security Keys in update-ssh-keys
ee0c1e6 
This pulls in
flatcar/update-ssh-keys#7
to support Hardware Security Keys in update-ssh-keys.
Until we have a new crates.io release of openssh-keys with
coreos/openssh-keys#68 we need to host it on
Origin or find a way to make the eclass more flexible. Here it was
hosted on Origin (from "cargo package") and the Cargo.toml/lock patched
on build to think it would come from crates.io because the Gentoo
eclass only supports that location.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jepio jepio jepio approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[RFE] update-ssh-keys: Add ecdsa-sk and ed25519-sk (U2F/FIDO security key) support
2 participants
@pothos @jepio