LDAP Account Manager / Bugs / #207 lamdaemon SSH key

#207 lamdaemon SSH key

Milestone: v6.8

Status: closed

Owner: nobody

Labels: None

Priority: 2

Updated: 2019-08-25

Created: 2019-08-17

Creator: Chuck Lane

Private: No

Just upgraded to 6.8 on Fedora 29, and decided to start trying to use lamdaemon.
Generating a public/private SSH key pair especially for the lamdaemon; it works for
plain old ssh connections, but fails the lamdaemon ssh test.

Turns out, after investigation, that
1) it has to be an RSA key pair (not DSA, ECDSA, etc)
2) using ssh-keygen on Fedora 29 has an 'updated' key delimiter that the code that LAM uses doesn't like:
old style (RHEL, etc, works with LAM):
-----BEGIN RSA PRIVATE KEY-----

 new style (Fedora 29, ssh-keygen fropenssh-7.9p1-6.fc29)
 -----BEGIN OPENSSH PRIVATE KEY-----

I suspect this is a 'library' issue, where the crypto library is looking for the 'RSA' string, and rejecting everything else (like 'EC' and 'OPENSSH').

Discussion

Roland Gruber - 2019-08-19

We use phpseclib (http://phpseclib.sourceforge.net/) for the SSH connection. Seems that it only supports RSA keys. We will update the documentation.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Roland Gruber - 2019-08-25

status: open --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Roland Gruber - 2019-08-25

Updated docs

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

lamdaemon SSH key

Group

Searches

Help

#207 lamdaemon SSH key

Discussion