Skip to content

ssh_auth and ssh fixes for 3006.x and 3007.x #68405

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: 3006.x
Choose a base branch
from
Open

ssh_auth and ssh fixes for 3006.x and 3007.x #68405

wants to merge 5 commits into from
+504 −68

Conversation

@piterpunk
Copy link

@piterpunk piterpunk commented Oct 16, 2025
edited
Loading

What does this PR do?

It changes the how ssh_auth.present and ssh_auth.absent handles when the keys to be added or removed comes from a source file. This fixes:

  1. The state reporting no changes even when keys are added or removed;
  2. The wrongly options handling when using source file;

Added in this patch is a fix to handle keys with @ and . in their encryption types and many tests to execution module ssh.py and state module ssh_auth.py:

  1. Tests all occurrences of the encryption types validation regexp in ssh_auth.py against all supported OpenSSH 8.7 key types;
  2. Tests if ssh.set_auth_key_from_file is correctly called from ssh_auth.present sending the options if specified;
  3. Tests if ssh.rm_auth_key_from_file is correctly called from ssh_auth.absent
  4. Tests if ssh.set_auth_key_from_file and ssh.rm_auth_key_from_file correctly handles multiple keys
  5. Tests if ssh.set_auth_key_from_file and ssh.rm_auth_key_from_file accept keys with @ and .
  6. Tests if ssh.set_auth_key_from_file and ssh.rm_auth_key_from_file parses multiple words comments
  7. Tests ssh._validate_keys against all encryption keys supported by OpenSSH 8.7, with options, without options, with simple comments, with multiple word comments and even without any comment.

I hope this set of tests are enough to prevent any regression and warranty that reading keys from source works flawlessly.

What issues does this PR fix or reference?

Fixes #68403
Fixes #61299
Fixes #60769
Fixes #57447
Fixes #40078
Tests #63434

Previous Behavior

  • Changes are not reported when reading keys from file
  • State defined options weren't respected when reading keys from file
  • Key types with @ and . weren't accepted

New Behavior

  • If the state changes something by adding or removing one or more keys, it reports as "changed". Individual changes are not reported.
  • State defined options overwrites those in the key when reading keys from file
  • Key types with @ and . are accepted

Merge requirements satisfied?

Commits signed with GPG?

No

@piterpunk piterpunk requested a review from a team as a code owner October 16, 2025 21:19
@piterpunk
Copy link
Author

piterpunk commented Oct 16, 2025
edited
Loading

While testing, I check #63434 and it seems to already being fixed somewhere in time.

@piterpunk piterpunk changed the title Ssh auth fixes 3006.x ssh_auth and ssh fixes for 3006.x and 3007.x Oct 16, 2025
@piterpunk piterpunk force-pushed the ssh_auth_fixes_3006.x branch from df85c32 to 5615b2f Compare October 17, 2025 14:01
bdrx312
bdrx312 reviewed Oct 18, 2025
View reviewed changes
@piterpunk piterpunk force-pushed the ssh_auth_fixes_3006.x branch from 5615b2f to 002b46d Compare October 19, 2025 21:00
@bdrx312
Copy link
Contributor

bdrx312 commented Oct 20, 2025

Thanks. Nice job.

@piterpunk piterpunk requested a review from bdrx312 October 20, 2025 14:06
bdrx312
bdrx312 reviewed Oct 23, 2025
View reviewed changes
Copy link
Contributor

@bdrx312 bdrx312 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.

@twangboy twangboy added the test:full Run the full test suite label Oct 31, 2025
@twangboy twangboy force-pushed the ssh_auth_fixes_3006.x branch from 9e056c2 to 67421cc Compare October 31, 2025 16:29
@twangboy twangboy added this to the Sulfur v3006.17 milestone Oct 31, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@twangboy twangboy twangboy approved these changes

+1 more reviewer

@bdrx312 bdrx312 bdrx312 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

test:full Run the full test suite

Projects

None yet

Milestone

Sulfur v3006.18

Development

Successfully merging this pull request may close these issues.

3 participants

@piterpunk @bdrx312 @twangboy