No support for ed25519 keys in ssh_authorized_key resource type
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
puppet (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Trusty |
Won't Fix
|
Medium
|
Unassigned |
Bug Description
Hi,
when using a ssh_authorized_key resource to install public keys in the authorized_keys files, it works with rsa, but not with ed25519 keys:
Error: Failed to apply catalog: Parameter type failed on Ssh_authorized_
Wrapped exception:
Invalid value "ssh-ed25519". Valid values are ssh-dss, ssh-rsa, ecdsa-sha2-
The nist curves are considered insecure . Puppet should be able to install keys that are still seen as secure.
regards
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: puppet (not installed)
ProcVersionSign
Uname: Linux 3.13.0-53-generic x86_64
NonfreeKernelMo
ApportVersion: 2.14.1-0ubuntu3.10
Architecture: amd64
CurrentDesktop: XFCE
Date: Sat May 23 01:23:28 2015
InstallationDate: Installed on 2014-08-06 (289 days ago)
InstallationMedia: Ubuntu-Server 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.3)
SourcePackage: puppet
UpgradeStatus: No upgrade log present (probably fresh install)
Changed in puppet (Ubuntu Trusty): | |
assignee: | nobody → Joshua Powers (powersj) |
status: | Triaged → In Progress |
Changed in puppet (Ubuntu Trusty): | |
assignee: | Joshua Powers (powersj) → nobody |
Thank you for taking the time to report this bug and helping to make Ubuntu better.
Looks like support for ed25519 was added upstream in puppet 3.5.0. Ubuntu 14.04 shipped with 3.4.3, so does not currently have this support. Ubuntu 14.10 shipped with 3.6.1 and looking at the source I it looks like support for ed25519 is present.
I'm marking this bug as Fix Released as it was fixed in Ubuntu 14.10. I'll ask the security team whether an update to Ubuntu 14.04 is appropriate.