beckermj/vaguerent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add key_type configuration option for ssh

Browse Source 
Adds a new `key_type` option to the Vagrantfile ssh configuration. It
defaults to :auto which allows auto detection of key type to use.
Otherwise it can be set to an explicit type supported by Vagrant.
This commit is contained in:
Chris Roberts 2024-01-10 11:37:50 -08:00
parent b934bd675c
commit 443ff01ab7
4 changed files with 50 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
plugins/kernel_v2/config/ssh_connect.rb
View File

@ -15,6 +15,7 @@ module VagrantPlugins
attr_accessor :password attr_accessor :password
attr_accessor :insert_key attr_accessor :insert_key
attr_accessor :keys_only attr_accessor :keys_only
attr_accessor :key_type
attr_accessor :paranoid attr_accessor :paranoid
attr_accessor :verify_host_key attr_accessor :verify_host_key
attr_accessor :compression attr_accessor :compression
@ -33,6 +34,7 @@ module VagrantPlugins
@password = UNSET_VALUE @password = UNSET_VALUE
@insert_key = UNSET_VALUE @insert_key = UNSET_VALUE
@keys_only = UNSET_VALUE @keys_only = UNSET_VALUE
@key_type = UNSET_VALUE
@paranoid = UNSET_VALUE @paranoid = UNSET_VALUE
@verify_host_key = UNSET_VALUE @verify_host_key = UNSET_VALUE
@compression = UNSET_VALUE @compression = UNSET_VALUE
@ -50,6 +52,7 @@ module VagrantPlugins
@password = nil if @password == UNSET_VALUE @password = nil if @password == UNSET_VALUE
@insert_key = true if @insert_key == UNSET_VALUE @insert_key = true if @insert_key == UNSET_VALUE
@keys_only = true if @keys_only == UNSET_VALUE @keys_only = true if @keys_only == UNSET_VALUE
@key_type = :auto if @key_type == UNSET_VALUE
@paranoid = false if @paranoid == UNSET_VALUE @paranoid = false if @paranoid == UNSET_VALUE
@verify_host_key = :never if @verify_host_key == UNSET_VALUE @verify_host_key = :never if @verify_host_key == UNSET_VALUE
@compression = true if @compression == UNSET_VALUE @compression = true if @compression == UNSET_VALUE
@ -96,6 +99,10 @@ module VagrantPlugins
rescue rescue
# ignore # ignore
end end
if @key_type
@key_type = @key_type.to_sym
end
end end
# NOTE: This is _not_ a valid config validation method, since it # NOTE: This is _not_ a valid config validation method, since it
@ -140,6 +147,14 @@ module VagrantPlugins
given: @connect_timeout.to_s) given: @connect_timeout.to_s)
end end
if @key_type != :auto && !Vagrant::Util::Keypair.valid_type?(@key_type)
errors << I18n.t(
"vagrant.config.ssh.connect_invalid_key_type",
given: @key_type.to_s,
supported: Vagrant::Util::Keypair.available_types.join(", ")
)
end
errors errors
end end
end end

2
templates/locales/en.yml
View File

@ -2065,6 +2065,8 @@ en:
`%{given}` type which cannot be converted to an Integer type. `%{given}` type which cannot be converted to an Integer type.
connect_timeout_invalid_value: |- connect_timeout_invalid_value: |-
The `connect_timeout` key only accepts values greater than 1 (received `%{given}`) The `connect_timeout` key only accepts values greater than 1 (received `%{given}`)
connect_invalid_key_type: |-
Invalid SSH key type set ('%{given}'). Supported types: %{supported}
triggers: triggers:
bad_trigger_type: |- bad_trigger_type: |-
The type '%{type}' defined for trigger '%{trigger}' is not valid. Must be one of the following types: '%{types}' The type '%{type}' defined for trigger '%{trigger}' is not valid. Must be one of the following types: '%{types}'

27
test/unit/plugins/kernel_v2/config/ssh_connect_test.rb
View File

@ -44,6 +44,33 @@ describe VagrantPlugins::Kernel_V2::SSHConnectConfig do
end end
end end
describe "#key_type" do
it "defaults to :auto" do
subject.finalize!
expect(subject.key_type).to eq(:auto)
end
it "should allow supported key type" do
subject.key_type = :ed25519
subject.finalize!
errors = subject.validate(machine)
expect(errors).to be_empty
end
it "should not allow unsupported key type" do
subject.key_type = :unknown_type
subject.finalize!
errors = subject.validate(machine)
expect(errors).not_to be_empty
end
it "should convert string values to symbol" do
subject.key_type = "ecdsa521"
subject.finalize!
expect(subject.key_type).to eq(:ecdsa521)
end
end
describe "#config" do describe "#config" do
let(:config_file) { "/path/to/config" } let(:config_file) { "/path/to/config" }

6
website/content/docs/vagrantfile/ssh_settings.mdx
View File

@ -90,6 +90,12 @@ defaults are typically fine, but you can fine tune whatever you would like.
- `config.ssh.keys_only` (boolean) - Only use Vagrant-provided SSH private keys (do not use - `config.ssh.keys_only` (boolean) - Only use Vagrant-provided SSH private keys (do not use
any keys stored in ssh-agent). The default value is `true`. any keys stored in ssh-agent). The default value is `true`.
- `config.ssh.key_type` (string, symbol) - The SSH key type that should be used when generating
a new key to replace the default insecure key. Supported values are: `:ed25519`, `:ecdsa256`,
`:ecdsa384`, `:ecdsa521`, `:rsa`, and `:auto`. When the value is set to `:auto`, Vagrant will
automatically pick a type based on what is supported by the guest SSH server. The default
value is `:auto`.
- `config.ssh.paranoid` (boolean) - Perform strict host-key verification. The default value is - `config.ssh.paranoid` (boolean) - Perform strict host-key verification. The default value is
`false`. `false`.