ceph-post-file: migrate to RSA SSH keys

David Galloway · David Galloway · commit ecd02bf3f1c7 · 2016-08-22T10:27:36.000-04:00
DSA keys are being deprecated: http://www.openssh.com/legacy.html drop.ceph.com will continue to allow the old DSA key but eventually, users submitting logs using ceph-post-file will run into issues when OpenSSH completely drops support for the algorithm. Fixes: http://tracker.ceph.com/issues/14267 Signed-off-by: David Galloway <dgallowa@redhat.com>
diff --git a/Makefile.am b/Makefile.am
@@ -18,8 +18,8 @@ EXTRA_DIST += \
 	udev/60-ceph-by-parttypeuuid.rules \
 	udev/95-ceph-osd.rules \
 	share/known_hosts_drop.ceph.com \
-	share/id_dsa_drop.ceph.com \
-	share/id_dsa_drop.ceph.com.pub
+	share/id_rsa_drop.ceph.com \
+	share/id_rsa_drop.ceph.com.pub
 
 NPROC = nproc
 if FREEBSD
@@ -30,8 +30,8 @@ endif
 install-data-local::
 	-mkdir -p $(DESTDIR)$(datadir)/ceph
 	-install -m 600 share/known_hosts_drop.ceph.com $(DESTDIR)$(datadir)/ceph/known_hosts_drop.ceph.com
-	-install -m 600 share/id_dsa_drop.ceph.com $(DESTDIR)$(datadir)/ceph/id_dsa_drop.ceph.com
-	-install -m 600 share/id_dsa_drop.ceph.com.pub $(DESTDIR)$(datadir)/ceph/id_dsa_drop.ceph.com.pub
+	-install -m 600 share/id_rsa_drop.ceph.com $(DESTDIR)$(datadir)/ceph/id_rsa_drop.ceph.com
+	-install -m 600 share/id_rsa_drop.ceph.com.pub $(DESTDIR)$(datadir)/ceph/id_rsa_drop.ceph.com.pub
 
 all-local::
 if WITH_DEBUG
diff --git a/ceph.spec.in b/ceph.spec.in
@@ -924,8 +924,8 @@ DISABLE_RESTART_ON_UPDATE="yes"
 %{_mandir}/man8/rbd-replay-prep.8*
 %dir %{_datadir}/ceph/
 %{_datadir}/ceph/known_hosts_drop.ceph.com
-%{_datadir}/ceph/id_dsa_drop.ceph.com
-%{_datadir}/ceph/id_dsa_drop.ceph.com.pub
+%{_datadir}/ceph/id_rsa_drop.ceph.com
+%{_datadir}/ceph/id_rsa_drop.ceph.com.pub
 %dir %{_sysconfdir}/ceph/
 %config %{_sysconfdir}/bash_completion.d/rados
 %config %{_sysconfdir}/bash_completion.d/rbd
diff --git a/debian/ceph-common.install b/debian/ceph-common.install
@@ -31,8 +31,8 @@ usr/share/man/man8/rbd.8
 usr/share/man/man8/rbdmap.8
 usr/share/man/man8/rbd-replay*.8
 usr/share/ceph/known_hosts_drop.ceph.com
-usr/share/ceph/id_dsa_drop.ceph.com
-usr/share/ceph/id_dsa_drop.ceph.com.pub
+usr/share/ceph/id_rsa_drop.ceph.com
+usr/share/ceph/id_rsa_drop.ceph.com.pub
 etc/ceph/rbdmap
 etc/init.d/rbdmap
 lib/udev/rules.d/50-rbd.rules
diff --git a/share/id_dsa_drop.ceph.com b/share/id_dsa_drop.ceph.com
diff --git a/share/id_dsa_drop.ceph.com.pub b/share/id_dsa_drop.ceph.com.pub
diff --git a/share/id_rsa_drop.ceph.com b/share/id_rsa_drop.ceph.com
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA6H/ykb30TtYaK8DbaFH5gOHO1E5zs9M5rRNpx5oSC5K3qj7j
+PmWJqFtL+kGxD19IqmYVzAun9auwwObIYtNqr/trD7G9I8W2MYYo/CmJlv/anoBE
+R+fQxkcsPQ8TB3RHBFHR2NnJmOAn3dSt5BRdjzQCL3MMCENq7J2zmF1OcATAAjuK
+kYvp/dunFqmn6GVDjgUWcd12Oz67dVlykjLDCF6cLqup0YM2dZ/mMAUQkGPJytpZ
+4O9Pk9MdXy4LIvJEfQyRWf9fMXWmjEjn7xYFoMbQn+078Fxqv3z2pxB0DU2u94ur
+ep4l7NATtuLoF0qrTYqxxmJi2PDhVMkpeaFQWQIDAQABAoIBAGgzT8e51pCurDQH
+z03Fz4jPqx7Dul9Rv3uuQ65NguDk9KO8Y6RHZZaqtDaI0o4NKkgUUJiOcMxOEn2h
+8RU5o4sTpzv1cMtjhPBVLHE3PI8MRDLdUbzYTF1Q8Ka85s5kcp+g++ewVAXMEJH/
+C6A48GWJ7aDOcwoRDQ7W7vLOfqT84U8on97jn1vMA30ZzailQUqvfgOHUldoQlrc
+6SnBuPnyIozIlir1+seRiNJJ17Dx7sr3nMr3c2Ugvw5ZDSCJ5PmJxZZwl+I6v2kM
+372lOHnp7u0Ii6aOeX69RvWx2CeA2sw1miMfe/b5sjOm4B4PPGwj4knbxHmVs8W4
+GTaJWjECgYEA9pAbTDBQQfvsqwnR4W/e6R1azKa0hTL9dSZBxLQjrPaHhRQsrZbE
+AudL9cfx5ucmoiX++/wVHUpU9nGhZfdvpISCPuVtTnY26Ug7UsKxf2no5gSyKQi+
+xmj0+V9/a1tGD4jdAeRRqhBLR4p1aOWZlCOgaXEq/2w021KBykkzkNcCgYEA8WYL
+5F4QnZaqRosAVPhOw7ovSPclQ70aLX56V3QMwuyLXPqIuKJBFhVHxLl97meB+hrY
+/4gmLW+hvud7dlW88A5x/sgwLy1dMgY0EJEjhVmsk+kni2ZKNsmXGuwUI1qefYk+
+l4WM4k1+5Tp32mw7i5PByQhKVWXh3318ekorkk8CgYEAyzf7R9CKVdhOOKrfUe/i
+ykBnlkXQg/iC7wuZKYdP4D9Rc14tdOXOqJX7BZjGyIm8TekDQK2EuZ+KZ5VAccp/
+Ohn9P9nZPdIxcBUY0B2oLlwcmXlFXozWsLHRN7h+TP3twOANSIHmzUSgx1ZXbx3O
+d0rl7AJabivBZQOb9h5fYgECgYAcS7vlHumPr1NyRWTakOiapL5aLS4fDJF+965b
+hezhBF0pnuxbyBkc/42UD7IlOdjQekkpWsou1UD+YZ/lNROah/bwyIJtZUHhVTzR
+HFIvlV1XUSMjge/9EBA4RafupPai/G1r0Wm8NR1EvV/DKKCqMb2rVN9xtymMyubG
+Zt9InQKBgQDd2TIVDXbPWsnh9EU893uQrLHLDJ5Xu1dcvKX8yvFDihwUrP6ycq9O
+zopzAWu8Fdm0vFEyImwkPPhEJ5kSLQW8T3RJVKQpZ1tgz8sZRXoaTOI+u9w28REc
+2/ABV6x6DknKI9qiQU4sM5hY5pweFtKDIwJFBqWtgFQR0NBoll7JHA==
+-----END RSA PRIVATE KEY-----
diff --git a/share/id_rsa_drop.ceph.com.pub b/share/id_rsa_drop.ceph.com.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDof/KRvfRO1horwNtoUfmA4c7UTnOz0zmtE2nHmhILkreqPuM+ZYmoW0v6QbEPX0iqZhXMC6f1q7DA5shi02qv+2sPsb0jxbYxhij8KYmW/9qegERH59DGRyw9DxMHdEcEUdHY2cmY4Cfd1K3kFF2PNAIvcwwIQ2rsnbOYXU5wBMACO4qRi+n926cWqafoZUOOBRZx3XY7Prt1WXKSMsMIXpwuq6nRgzZ1n+YwBRCQY8nK2lng70+T0x1fLgsi8kR9DJFZ/18xdaaMSOfvFgWgxtCf7TvwXGq/fPanEHQNTa73i6t6niXs0BO24ugXSqtNirHGYmLY8OFUySl5oVBZ public_ceph_post_key_2016-08-19
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -743,8 +743,8 @@ install(PROGRAMS
   RENAME ceph)
 
 install(FILES
-  ${CMAKE_SOURCE_DIR}/share/id_dsa_drop.ceph.com
-  ${CMAKE_SOURCE_DIR}/share/id_dsa_drop.ceph.com.pub
+  ${CMAKE_SOURCE_DIR}/share/id_rsa_drop.ceph.com
+  ${CMAKE_SOURCE_DIR}/share/id_rsa_drop.ceph.com.pub
   ${CMAKE_SOURCE_DIR}/share/known_hosts_drop.ceph.com
   DESTINATION ${CMAKE_INSTALL_DATADIR}/ceph)
 
diff --git a/src/ceph-post-file.in b/src/ceph-post-file.in
@@ -1,13 +1,13 @@
 #!/bin/bash -e
 
 # If these files exist, assume we are a source install.
-if [[ -f ../share/known_hosts_drop.ceph.com && -f ../share/id_dsa_drop.ceph.com ]]
+if [[ -f ../share/known_hosts_drop.ceph.com && -f ../share/id_rsa_drop.ceph.com ]]
     then # running from source install
        known_hosts=../share/known_hosts_drop.ceph.com
-       ssh_key=../share/id_dsa_drop.ceph.com
+       ssh_key=../share/id_rsa_drop.ceph.com
     else # running from a pkg install
        known_hosts=@datadir@/known_hosts_drop.ceph.com
-       ssh_key=@datadir@/id_dsa_drop.ceph.com
+       ssh_key=@datadir@/id_rsa_drop.ceph.com
 fi
 
 function usage() {
@@ -39,7 +39,7 @@ Options:
   -k|--known_hosts <path>    known_hosts file
                                [Default: /usr/share/ceph/known_hosts_drop.ceph.com]
   -i <path>         Ssh identity file
-                      [Default: /usr/share/ceph/id_dsa_drop.ceph.com]
+                      [Default: /usr/share/ceph/id_rsa_drop.ceph.com]
   -h|--help         Show this usage information
 "
 }
@@ -150,7 +150,7 @@ EOF
 done
 
 # no UserKnownHostsFile so that we don't try to record the IP hash key
-# GLobalKnownHostsFile so that we are verifying that this is the real drop.ceph.com
+# GlobalKnownHostsFile so that we are verifying that this is the real drop.ceph.com
 
 cp "$ssh_key" "$t4"
 cp "${ssh_key}.pub" "$t4.pub"

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDof/KRvfRO1horwNtoUfmA4c7UTnOz0zmtE2nHmhILkreqPuM+ZYmoW0v6QbEPX0iqZhXMC6f1q7DA5shi02qv+2sPsb0jxbYxhij8KYmW/9qegERH59DGRyw9DxMHdEcEUdHY2cmY4Cfd1K3kFF2PNAIvcwwIQ2rsnbOYXU5wBMACO4qRi+n926cWqafoZUOOBRZx3XY7Prt1WXKSMsMIXpwuq6nRgzZ1n+YwBRCQY8nK2lng70+T0x1fLgsi8kR9DJFZ/18xdaaMSOfvFgWgxtCf7TvwXGq/fPanEHQNTa73i6t6niXs0BO24ugXSqtNirHGYmLY8OFUySl5oVBZ public_ceph_post_key_2016-08-19`