Merge ~cjwatson/twisted:conch-rsa-sha2-ed25519 into ~launchpad/twisted:lp-backport
Status: | Merged
---|---
Merged at revision: | 776cdd3f12b938b374c09889eb471dabe683c0be
Proposed branch: | ~cjwatson/twisted:conch-rsa-sha2-ed25519
Merge into: | ~launchpad/twisted:lp-backport
Diff against target: | 3023 lines (+1672/-178), 23 files modified

docs/conch/examples/sshsimpleserver.py (+16/-9)
docs/installation/howto/optional.rst (+3/-0)
src/twisted/_version.py (+11/-5)
src/twisted/conch/newsfragments/10208.feature (+1/-0)
src/twisted/conch/newsfragments/10266.feature (+1/-0)
src/twisted/conch/newsfragments/8966.feature (+1/-0)
src/twisted/conch/newsfragments/9765.feature (+1/-0)
src/twisted/conch/scripts/ckeygen.py (+42/-4)
src/twisted/conch/ssh/_kex.py (+2/-1)
src/twisted/conch/ssh/_keys_pynacl.py (+196/-0)
src/twisted/conch/ssh/factory.py (+7/-1)
src/twisted/conch/ssh/keys.py (+218/-44)
src/twisted/conch/ssh/transport.py (+184/-35)
src/twisted/conch/ssh/userauth.py (+2/-2)
src/twisted/conch/test/keydata.py (+21/-0)
src/twisted/conch/test/test_ckeygen.py (+58/-7)
src/twisted/conch/test/test_keys.py (+506/-32)
src/twisted/conch/test/test_recvline.py (+1/-1)
src/twisted/conch/test/test_ssh.py (+36/-3)
src/twisted/conch/test/test_transport.py (+350/-28)
src/twisted/python/_setup.py (+6/-1)
src/twisted/python/test/test_setup.py (+4/-4)
tox.ini (+5/-1)

Reviewer | Review Type | Date Requested | Status
---|---|---|---
Ioana Lasc (community) | | | Approve

Commit message
Add support for Ed25519 keys and RSA SHA-2 signatures
Description of the change
This consists of cherry-picks of four upstream PRs (all of which have landed on trunk), one extra piece of fallback code needed to get Curve25519 key exchange working on Ubuntu 16.04, and a few minor packaging tweaks. I've bundled it together, but it may be easiest to review the commits separately.
In combination with changes to lazr.sshserver and Launchpad, I've verified that this allows SSH authentication to Launchpad endpoints using both RSA SHA-2 signatures (OpenSSH 8.8 dropped support for RSA SHA-1 signatures) and Ed25519 keys.
I considered upgrading to Twisted 21.2.0 before starting on these backports, to minimize the patch stack and pick up other improvements. Unfortunately, the minimum Python version required by 21.2.0 is 3.5.4, and getting it to work on 3.5.2 in Ubuntu 16.04 is a messy process involving reverting a bunch of `typing`-related changes, so I think it will be better to wait until all of Launchpad is on Ubuntu 18.04 or newer before rebasing on 21.2.0. (At that point we can also drop the X25519 PyNaCl fallback patch.)
Looks good