Add support for ECDSA and Ed25519 SSH keys
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Launchpad itself | | Low | Unassigned | |
Bug Description
When I wanted to add my ECDSA SSH2 key I got the message that the key was invalid. This is probably caused because those keys use a different key identifier structure than the RSA and DSA keys. Please improve the detection to also add support for the newest kind of SSH keys.
The key I tried to add:
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXN
| Changed in launchpad: | |
| status: | New → Triaged |
| importance: | Undecided → Low |
| summary: | Add support for ECDSA SSH keys → Add support for ECDSA and Ed25519 SSH keys |
| Unit 193 (unit193) wrote : | #1 |
| information type: | Public → Public Security |
| Damien Cassou (cassou) wrote : | #2 |
There has been an update on http://
| Colin Watson (cjwatson) wrote : | #3 |
Don't get too excited. The movement on Twisted #7413 is a necessary prerequisite, but Twisted Conch still doesn't actually have concrete support for ECDSA keys, and Ed25519 is complicated further by the linked cryptography issue.
| Sami Olmari (olmari) wrote : | #4 |
ED25519 key I'd like to use too, so I'm just making noise here :)
| Bert JW Regeer (bregeer-ctl) wrote : | #5 |
OpenSSH on OS X sends ed25519 before rsa; this causes a hang until timeout:
| Unit 193 (unit193) wrote : | #6 |
http://
Still, there's progress and that's good.
| lszyba1 (szybalski) wrote : | #7 |
Hello,
Could somebody that is handling this ticket change the importance to major?
I'm unable to use launchpad without that key support.
My work requires it:
.ssh/id_ed25519.pub
I was hoping to convert some of my bzr repo to git, and start using launchpad again and test drive the new git repo features in launchpad.
Please let me know who do I need to contact to get this enabled?
Thank you
Lucas
| Colin Watson (cjwatson) wrote : | #8 |
There's not much point arguing about the formal Importance of this bug. The reality is that we have the following chain of dependencies before we can fix this:
1) upgrade Launchpad production to xenial (in progress)
2) convert Launchpad build system to pip, so that we're no longer blocked on upgrading Twisted by conflicts between zc.buildout and pbr
3) wait for a version of Twisted to be released that supports ED25519 keys
4) upgrade to that version of Twisted
We already consider 1) and 2) to be high-priority, but 3) is out of our hands for the time being. Debating the value of the Importance field isn't going to speed anything up.
| Colin Watson (cjwatson) wrote : | #9 |
Update: we finished upgrading Launchpad production to xenial earlier this year; I just landed the conversion of our build system to pip; and I have a branch in progress to upgrade us to Twisted 16.5.0.
The upstream Twisted work doesn't seem to have finished yet, so we may be near the point where we've done everything we can for the time being. Versions of Twisted newer than 16.5.0 remove gmpy integration, so we'll need to take some care to avoid regressing performance on new connections, but that's doable.

This is currently blocked by https://twistedmatrix.com/trac/ticket/5350 which could be partially fixed by http://twistedmatrix.com/trac/ticket/7413, except Ed25519 which would still need https://github.com/pyca/cryptography/issues/856.
http://twistedmatrix.com/trac/ticket/7693 would also be needed for the pyCA support.
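The bug description attributes the "invalid key" message to ECDSA keys using a different key identifier structure than RSA and DSA keys. As an added example (not Launchpad's or Twisted's code), the sketch below does a structural check of a public key line that covers all four families by comparing the declared type with the type string embedded in the base64 blob. The names `check_public_key`, `read_strings` and `make_line` are hypothetical, and the sample keys are constructed, not real.

```python
import base64

# Fields expected after the algorithm name in the blob (RFC 4253, RFC 5656, RFC 8709).
FIELD_COUNT = {
    "ssh-rsa": 2,              # e, n
    "ssh-dss": 4,              # p, q, g, y
    "ecdsa-sha2-nistp256": 2,  # curve name, public point Q
    "ecdsa-sha2-nistp384": 2,
    "ecdsa-sha2-nistp521": 2,
    "ssh-ed25519": 1,          # 32-byte public key
}

def read_strings(blob):
    """Split a blob into its uint32-length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        size = int.from_bytes(blob[pos:pos + 4], "big")
        pos += 4
        if pos + size > len(blob):  # also trips on a short length prefix
            raise ValueError("truncated key blob")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields

def check_public_key(line):
    """Return the key type of a well-formed public key line, else raise ValueError."""
    parts = line.split(None, 2)
    if len(parts) < 2 or parts[0] not in FIELD_COUNT:
        raise ValueError("unsupported or malformed key line")
    declared = parts[0]
    # binascii.Error from bad base64 is a ValueError subclass
    fields = read_strings(base64.b64decode(parts[1], validate=True))
    if not fields or fields[0] != declared.encode():
        raise ValueError("type inside blob differs from declared type")
    if len(fields) - 1 != FIELD_COUNT[declared]:
        raise ValueError("unexpected number of fields")
    if declared.startswith("ecdsa-") and fields[1] != declared.rsplit("-", 1)[1].encode():
        raise ValueError("curve name does not match key type")
    if declared == "ssh-ed25519" and len(fields[1]) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")
    return declared  # structure only: does not prove the point is on the curve

def make_line(key_type, *fields):
    """Build a constructed (not real) key line for the samples below."""
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in (key_type.encode(),) + fields)
    return "%s %s constructed@example" % (key_type, base64.b64encode(blob).decode())

ED25519_SAMPLE = make_line("ssh-ed25519", bytes(range(32)))
ECDSA_SAMPLE = make_line("ecdsa-sha2-nistp256", b"nistp256", b"\x04" + bytes(64))
```

The constructed ECDSA sample begins with the same base64 prefix as the key quoted in the report, because that prefix is simply the length-prefixed string `ecdsa-sha2-nistp256`.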