Bug#978004: authorized_keys: valid key types is missing sk-ssh-ed25519 and sk-ecdsa-sha2-nistp256

Thu, 24 Dec 2020 01:15:15 -0800 

Package: ansible
Version: 2.9.6+dfsg-1~bpo10+1
Severity: normal

Dear Maintainer,

I use ansible to deploy authorized_keys files. If I deploy a key of the
new type sk-ecdsa-sha2-nistp...@openssh.com, I get an error message:
invalid key specified: sk-ecdsa-sha2-nistp...@openssh.com

I use the current versions of openssh and ansible from buster-backports.

This problem was fixed in current upstream versions of ansible:
https://github.com/ansible-collections/ansible.posix/pull/30/files

As a workaround I've edited VALID_SSH2_KEY_TYPES:
=== /usr/lib/python3/dist-packages/ansible/modules/system/authorized_key.py ===

    VALID_SSH2_KEY_TYPES = [
        'ssh-ed25519',
        'ecdsa-sha2-nistp256',
        'ecdsa-sha2-nistp384',
        'ecdsa-sha2-nistp521',
        'ssh-dss',
        'ssh-rsa',
        'sk-ecdsa-sha2-nistp...@openssh.com',
        'sk-ssh-ed25...@openssh.com',
    ]
===============================================================================

The current version of ansisible in testing/bullseye is 2.9.16+dfsg-1
and probably has the same problem. 

testing/bullseye comes with openssh >= 8.2, which supports these new
types.


-- System Information:
Debian Release: 10.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.9.0-0.bpo.2-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ansible depends on:
ii  openssh-client        1:8.4p1-2~bpo10+1
ii  python3               3.7.3-1
ii  python3-crypto        2.6.1-9+b1
ii  python3-cryptography  2.6.1-3+deb10u2
ii  python3-distutils     3.7.3-1
ii  python3-dnspython     1.16.0-1
ii  python3-httplib2      0.11.3-2
ii  python3-jinja2        2.10-2
ii  python3-netaddr       0.7.19-1
ii  python3-yaml          3.13-2

Versions of packages ansible recommends:
ii  python3-argcomplete  1.8.1-1
ii  python3-jmespath     0.9.4-1
ii  python3-kerberos     1.1.14-2
ii  python3-libcloud     2.4.0-1
ii  python3-selinux      2.8-1+b1
ii  python3-winrm        0.3.0-2
ii  python3-xmltodict    0.11.0-2

Versions of packages ansible suggests:
ii  cowsay   3.03+dfsg2-6
ii  sshpass  1.06-1

-- no debconf information

Reply via email to