Issue 2797: Support ecdsa-sha2-nistp256 SSH public keys
Status:  Released
Owner:  ----
Closed:  Aug 27


Project Member Reported by sop@google.com, Jul 25, 2014
It appears Gerrit is unable to use ecdsa-sha2-nistp256 public keys. Adding a key will save it to the database, but the key is never accepted for authentication.
Aug 16, 2014
Project Member #1 David.Os...@gmail.com
https://gerrit-review.googlesource.com/59351
Status: ChangeUnderReview
Sep 12, 2014
Project Member #2 David.Os...@gmail.com
(No comment was entered for this change.)
Status: Submitted
Labels: FixedIn-2.11
Dec 9, 2014
Project Member #3 david.pu...@sonymobile.com
Reverted with [1] because it won't work with sshd 0.9.0 which is coming up to master.

[1] https://gerrit-review.googlesource.com/#/c/62214/

Status: Accepted
Labels: -FixedIn-2.11
Apr 7, 2015
Project Member #4 david.pu...@sonymobile.com
(No comment was entered for this change.)
Labels: FixedIn-2.11
Apr 14, 2015
Project Member #5 david.pu...@sonymobile.com
(No comment was entered for this change.)
Labels: -FixedIn-2.11 FixedIn-2.10.3
Jul 7, 2015
Project Member #6 dougk....@gmail.com
I'm testing this on 2.10.5, and not able to use an ECDSA key with Gerrit (even though 2.10.3 has a new enough version, and I see this code was added back in).

This is using both OpenSSH_5.3p1, OpenSSL 1.0.1e-fips as well as OpenSSH_6.6.1p1, OpenSSL 1.0.1i.
Jul 7, 2015
Project Member #7 dougk....@gmail.com
(I should also add; I am using 2.10.5 with Bouncy Castle 1.5.1, though I had to install it by hand, since the "gerrit init" process didn't ask me to upgrade Bouncy Castle.  Otherwise, I can't confirm if Bouncy Castle is working or not, should that be necessary.)
Jul 8, 2015
Project Member #8 dougk....@gmail.com
You all might be able to ignore my crazy ramblings: I just tested a clean install of 2.10.5 and found I was able to use an ECDSA key on a clean install of 2.10.5, but not on an upgraded install; if I find more details, I'll send them to the list.
Aug 27, 2015
Project Member #9 dougk....@gmail.com
Re-tested this on 2.10.6; looks like the issue I was having is when you have one half of a key in your .ssh directory (specifically, the private key, but not the associated public key).

Discussion: https://groups.google.com/d/msg/repo-discuss/e7GQSEJZgQA/mi8cQb6VNB0J

This can be resolved, both 2.10.5 and 2.11+ should have the necessary bits to support ECDSA (and I've confirmed it works.)
Aug 27, 2015
Project Member #10 bklarson@gmail.com
Marking resolved at Doug K's request
Status: Released
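
A check for the condition reported in comment #9 (a private key in the .ssh directory without its associated public key), as an added example that is not part of the original thread or of Gerrit. It assumes the default OpenSSH layout in which the public half is stored next to the private key as `<name>.pub`; the function name `find_orphan_private_keys` is hypothetical.

```shell
#!/bin/sh
# Added example (not Gerrit code): list private keys in an SSH directory
# that have no "<name>.pub" file beside them.
# Assumption: public halves follow the default OpenSSH "<name>.pub" naming.

# Print the path of every private key in directory $1 lacking a .pub sibling.
find_orphan_private_keys() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Skip the public halves themselves.
        case "$f" in *.pub) continue ;; esac
        # PEM and OpenSSH-format private keys both open with a
        # "-----BEGIN ... PRIVATE KEY-----" line; other files
        # (known_hosts, config, authorized_keys) do not.
        if head -n 1 "$f" 2>/dev/null | grep -q -e '-----BEGIN .*PRIVATE KEY-----'; then
            [ -f "$f.pub" ] || printf '%s\n' "$f"
        fi
    done
}

# Scan the directory given as the first argument, or ~/.ssh by default.
# A missing public half can be recreated from the private key with:
#   ssh-keygen -y -f KEY > KEY.pub
find_orphan_private_keys "${1:-$HOME/.ssh}"
```
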