Add support for ECDSA and Ed25519 SSH keys

Bug #907675 reported by Pim Vullers on 2011-12-22
This bug affects 47 people
Affects: Launchpad itself
Importance: Low
Assigned to: Unassigned

Bug Description

When I wanted to add my ECDSA SSH2 key I got the message that the key was invalid. This is probably caused because those keys use a different key identifier structure than the RSA and DSA keys. Please improve the detection to also add support for the newest kind of SSH keys.

The key I tried to add:
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBISztakMuof8TXWJMb9IpHdntowby/QVs6flRj7BiWwQQF5LNC0ByGHb53T2fWKYF8Jig4l70D3j4t1vJ6FZQ3g= pim@chaos
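
An added example, not part of the original report and not Launchpad's or Twisted's code: a Python check that parses an OpenSSH public key line and confirms that the type string embedded in the base64 blob matches the declared type, covering ECDSA and Ed25519 alongside RSA and DSA. The function names and the allow-list (which lists only the nistp256 curve) are assumptions of this example.

```python
import base64
import struct

# Number of fields after the type string in each key blob (RFC 4253, 5656,
# 8709). This allow-list is the example's assumption, not Launchpad's.
KEY_FIELDS = {"ssh-rsa": 2, "ssh-dss": 4,
              "ecdsa-sha2-nistp256": 2, "ssh-ed25519": 1}

# The key quoted in the bug description.
REPORTED_KEY = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBISztakMuof8TXWJMb9IpHdntowby/QVs6flRj7BiWwQQF5LNC0ByGHb53T2fWKYF8Jig4l70D3j4t1vJ6FZQ3g= pim@chaos"

def read_strings(blob):
    """Split a blob into its length-prefixed (uint32 big-endian) fields."""
    fields, offset = [], 0
    while offset < len(blob):
        if len(blob) - offset < 4:
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from(">I", blob, offset)
        offset += 4
        if length > len(blob) - offset:
            raise ValueError("field runs past end of blob")
        fields.append(blob[offset:offset + length])
        offset += length
    return fields

def parse_public_key(line):
    """Return (key type, fields, comment) or raise ValueError."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, encoded = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    if declared not in KEY_FIELDS:
        raise ValueError("unsupported key type: " + declared)
    try:
        blob = base64.b64decode(encoded, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key data is not valid base64") from exc
    embedded, *fields = read_strings(blob) or [b""]
    if embedded != declared.encode("ascii"):
        raise ValueError("type inside blob does not match declared type")
    if len(fields) != KEY_FIELDS[declared]:
        raise ValueError("wrong number of fields for " + declared)
    if declared == "ssh-ed25519" and len(fields[0]) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")
    curve = declared[len("ecdsa-sha2-"):].encode("ascii")
    if declared.startswith("ecdsa-sha2-") and fields[0] != curve:
        raise ValueError("curve name does not match key type")
    return declared, fields, comment
```

A validator that only knows the RSA and DSA type strings stops at the allow-list check; the reported key itself parses as a 65-byte uncompressed point on nistp256.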

Changed in launchpad:
status: New → Triaged
importance: Undecided → Low
William Grant (wgrant) on 2014-10-22
summary: - Add support for ECDSA SSH keys
+ Add support for ECDSA and Ed25519 SSH keys
Unit 193 (unit193) wrote :

This is currently blocked by https://twistedmatrix.com/trac/ticket/5350 which could be partially fixed by http://twistedmatrix.com/trac/ticket/7413, except Ed25519 which would still need https://github.com/pyca/cryptography/issues/856.

http://twistedmatrix.com/trac/ticket/7693 would also be needed for the pyCA support.

Colin Watson (cjwatson) on 2016-02-16
information type: Public → Public Security
Damien Cassou (cassou) wrote :

There has been an update on http://twistedmatrix.com/trac/ticket/7413. Please update Launchpad to take into account ECDSA keys. And it would be nice to also support Ed25519. Thanks

Colin Watson (cjwatson) wrote :

Don't get too excited. The movement on Twisted #7413 is a necessary prerequisite, but Twisted Conch still doesn't actually have concrete support for ECDSA keys, and Ed25519 is complicated further by the linked cryptography issue.

Sami Olmari (olmari) wrote :

ED25519 key I'd like to use too, so I'm just making noise here :)

Bert JW Regeer (bregeer-ctl) wrote :

OpenSSH on OS X sends ed25519 before rsa; this causes a hang until timeout:

https://bugs.launchpad.net/turnip/+bug/1621238

Unit 193 (unit193) wrote :

http://twistedmatrix.com/trac/ticket/8798 is progress towards both keys, and looks like ECDSA got support with http://twistedmatrix.com/trac/ticket/8828, now just Ed25519 is in https://twistedmatrix.com/trac/ticket/8966 (Though, http://twistedmatrix.com/trac/ticket/8854 might hold things up a tad.)

Still, there's progress and that's good.

lszyba1 (szybalski) wrote :

Hello,
Could somebody that is handling this ticket change the importance to major?
I'm unable to use launchpad without that key support.
My work requires it:
.ssh/id_ed25519.pub

I was hoping to convert some of my bzr repo to git, and start using Launchpad again and test drive the new git repo features in Launchpad.

Please let me know who I need to contact to get this enabled.
Thank you
Lucas

Colin Watson (cjwatson) wrote :

There's not much point arguing about the formal Importance of this bug. The reality is that we have the following chain of dependencies before we can fix this:

 1) upgrade Launchpad production to xenial (in progress)
 2) convert Launchpad build system to pip, so that we're no longer blocked on upgrading Twisted by conflicts between zc.buildout and pbr
 3) wait for a version of Twisted to be released that supports ED25519 keys
 4) upgrade to that version of Twisted

We already consider 1) and 2) to be high-priority, but 3) is out of our hands for the time being. Debating the value of the Importance field isn't going to speed anything up.

Colin Watson (cjwatson) wrote :

Update: we finished upgrading Launchpad production to xenial earlier this year; I just landed the conversion of our build system to pip; and I have a branch in progress to upgrade us to Twisted 16.5.0.

The upstream Twisted work doesn't seem to have finished yet, so we may be near the point where we've done everything we can for the time being. Versions of Twisted newer than 16.5.0 remove gmpy integration, so we'll need to take some care to avoid regressing performance on new connections, but that's doable.
