OpenStack Compute (nova)

Keypair creation fails when ssh public key comment contains spaces

Bug #1481084 reported by Trevor McKay on 2015-08-03

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Fix Released	Undecided	Davanum Srinivas (DIMS)	OpenStack Compute (nova) 12.0.0 "liberty"

Bug Description

In the Sahara project, we have been generating public keys to use with nova keypair creation for some time. These keys have a key comment of the form "Generated by Sahara"

This has worked until recently. However, it fails currently as follows:

$ more ~/public_key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYwUk/fuNiNoseN5tgKt2NsfxeZIE7cC4bcGeJ3WacY8Ss2s/vw1WrBwoicd4cjwkpmrxQkR1d1vBzLyrE/ovHStyu1Gv/Os+wVB0j64AKlG6MZFMeJVuP9M+O0uSqBuEYhzaTvKofiVcrLJat7bJ9S8
MpTWj7ZXRbKKD/+pT1jxll4vCHKLo9caazl7vFI/hRcqMWAr+oYNZYh1BZeNxMWGtEgf11zHiStR1tvs/4CEstajPWWlkHcVeUuGgs8/+kNToUZ22i8kORp8ZFwp11pvFtieAYtBFBWWrze2U1irct34JAHTmemk8SZ/RmN9tLpIP8BspFdWnFylzVyuPZ
Generated by Sahara

(openstack) keypair create --public-key ~/public_key bob
ERROR: openstack Keypair data is invalid: failed to generate fingerprint (HTTP 400) (Request-ID: req-370e6a3a-d01d-44a4-8a10-160282ec9488)

Removing or replacing the spaces in the key comment fixes the problem (or hides it)

This seems to be happening because usr/lib/python2.7/site-packages/cryptography/hazmat/primitives/serialization.py(36)load_ssh_public_key() is seeing the whole key and splitting on spaces. So the key comment is throwing off the key component count.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-08-03: Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/208661

Changed in nova:
assignee:	nobody → Davanum Srinivas (DIMS) (dims-v)
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-09-14: Fix merged to nova (master)

Reviewed: https://review.openstack.org/208661
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=42debc4cfdf22f72259e858d1e3e3a2ec5cf2bdd
Submitter: Jenkins
Branch: master

commit 42debc4cfdf22f72259e858d1e3e3a2ec5cf2bdd
Author: Davanum Srinivas <email address hidden>
Date: Mon Aug 3 17:26:29 2015 -0400

Test cases for better handling of SSH key comments

    sshd man page says:
    "The optional comment field continues to the end
    of the line, and is not used."
    http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/sshd.8?query=sshd&sec=8

This bug has been fixed in upstream
https://github.com/pyca/cryptography/issues/2199

    Closes-Bug: #1481084
    Depends-On: I28b7ab2e49ef4063a33c6122ea8355a16c3105a5
    Change-Id: Ic157961a4282f0d54d4682d9374c170a66ddde5c

Changed in nova:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2015-09-24

Changed in nova:
milestone:	none → liberty-rc1
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2015-10-15

Changed in nova:
milestone:	liberty-rc1 → 12.0.0

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.