Add keypair support for ed25519 #13219
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add a new ed25519 insecure private key. Update the README with information about the two insecure keys. Retain the RSA key in the `vagrant` file and duplicate it into `vagrant.key.rsa`. Append the ed25519 public key to the `vagrant.pub` file.
Introduce keypair support for ed25519. Default keypair type when generating without specifying type is rsa to maintain existing behavior.
Check the key types supported by the server. If the data is not available, default to the previous behavior which is using the rsa key type. Update insecure key check to match against any key files located within the keys directory. For now, this effectively allows matching either rsa or ed25519 insecure private keys.
Within the environment, add a new directory value which points to the directory containing the valid insecure private keys. A new default private key paths value contains an array of all the insecure private keys which are available for initial authentication.
When constructing the ssh information, use all available insecure key paths for authentication.
Updates existing test coverage to use insecure private key collection and adds testing for behavior changes within the communicator and the keypair utility.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add support for ed25519 type keys. This support consists of two
parts:
Vagrant insecure private keys
A new ed25519 type public/private key pair has been added to the
./keysdirectory of the vagrant repository. The public/privatekey files in the directory are now the following:
./keys/vagrant- Insecure private key (RSA) - not modified./keys/vagrant.pub- Insecure public keys (both RSA and Ed25519) - Ed25519 public key appended./keys/vagrant.key.ed25519- Insecure private key (Ed25519)./keys/vagrant.pub.ed25519- Insecure public key (Ed25519)./keys/vagrant.key.rsa- Insecure private key (RSA)./keys/vagrant.key.pub- Insecure public key (RSA)Vagrant support for ed25519
The
Vagrant::Util::Keypaircan now generate an RSA or Ed25519key pair. Both keys are now used for authentication when no private
key has been specified (for example: initial authentication).
When removing the insecure key and replacing it with the a newly
generated key, a check is done to determine what key types Vagrant
supports are supported by the server. The best match will be used.
If a match cannot be determined, Vagrant will fallback to the
previous behavior of generating an RSA keypair.
Fixes #12589
Fixes #12458
Fixes #12693