Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update how bad SSH keys are handled in the UI #706

Open
Tracked by #710
digimer opened this issue Aug 27, 2024 · 3 comments
Open
Tracked by #710

Update how bad SSH keys are handled in the UI #706

digimer opened this issue Aug 27, 2024 · 3 comments
Assignees
@digimer @ylei-tsubame
Labels
enhancement High To be resolved once all urgent issues are clear
Milestone
3.1 Beta - blockers

Comments

@digimer
Copy link
Member

digimer commented Aug 27, 2024

The old way was to look up state_uuids that contained the bad_file=X,bad_line=Y. This needs to be updated so that the job_data is just bad_key=X.

We need to coordinate this so that we update Remote.pm calls that record the bad key directly, instead of the file/line.
@digimer digimer added enhancement normal normal priority labels Aug 27, 2024
@digimer digimer added this to the 3.1 Beta - blockers milestone Aug 27, 2024
@digimer
Copy link
Member Author

digimer commented Aug 27, 2024

The back-end is updated now to support the old way and the new way.

The front end needs to now show bad keys, and not worry about which host noticed first. That is to say, pull the host with the changed key from states -> state_name by pull the name or IP from host_key_changed::X. The offending key is recorded in state_note as key=Y. If multiple entries exist with the same key (ie: one with the short host name, one with the full domain name, one with the IP), use the one that matches a hosts -> host_name. If none match, show the first match that isn't an IP address. If only IP addresses exist, show the first one you see.

In any case, when the user requests a bad key to be deleted, create a job for each host with the job_data being bad_key=Y. The back end now looks for any entry with that key and deletes them all, so the offending file/line mechanism is no longer needed.

When the front end is ready, there is legacy code to remove from the back end before this issue closes.

@ylei-tsubame
Copy link
Collaborator

Additional notes:

  • Since 1 state entry could only refer to 1 line in known_hosts, the new edition uses the key directly. Each key can be labelled with different ids, i.e., ip, host name/domain
  • We need to remove the selected key(s) across all hosts. It's system-wide instead of per host.

@digimer digimer added High To be resolved once all urgent issues are clear and removed normal normal priority labels Aug 28, 2024
@ylei-tsubame
Copy link
Collaborator

Refer to #703 for previous records of this issue.

@digimer digimer mentioned this issue Aug 28, 2024
Open
7 tasks
digimer pushed a commit that referenced this issue Oct 2, 2024
@digimer-bot
Fixed a problem with looking for bad keys.
2563939 
* Removed old code now that issue #706 is closed.
* Enabled some striker replacement logging

Signed-off-by: Madison Kelly <[email protected]>
digimer pushed a commit that referenced this issue Oct 3, 2024
@digimer-bot
Fixed a problem with looking for bad keys.
6d63c21 
* Removed old code now that issue #706 is closed.
* Enabled some striker replacement logging

Signed-off-by: Madison Kelly <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@digimer digimer

@ylei-tsubame ylei-tsubame

Labels
enhancement High To be resolved once all urgent issues are clear
Projects
None yet
Milestone
3.1 Beta - blockers
Development

No branches or pull requests
4 participants
@digimer @fabbione @ylei-tsubame and others