Add test-ssh-public-key-auth.sh script#516
Closed
vxgmichel wants to merge 1 commit into
Closed
Conversation
vxgmichel
force-pushed
the
vml/add-test-ssh-public-key-auth-script
branch
from
5247a57 to
bd8a966
Compare
6 tasks
rzr
reviewed
May 5, 2026
vxgmichel
force-pushed
the
vml/add-test-ssh-public-key-auth-script
branch
from
bd8a966 to
91dd9dd
Compare
Contributor
|
My opinion:
|
Contributor
Author
|
Conclusion from daily: we don't want to maintain this, the script can be found in this PR anyway if we need it later. |
Signed-off-by: Vincent Michel <vincent.michel@vates.tech>
vxgmichel
force-pushed
the
vml/add-test-ssh-public-key-auth-script
branch
from
91dd9dd to
1c96fd1
Compare
Contributor
Author
|
Quick open/close to update the reference script |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR adds a script to test that older OpenSSH client versions can still connect to an XCP-ng server using public key authentication.
Usage
Context
Due to the removal of the
ssh-rsasignature algorithm in OpenSSH 9.8, older clients (version < 7.2) are no longer able to use public key authentication withssh-rsakeys. Howerver, newer OpenSSH versions (7.2 and above) should still be able to authenticate usingssh-rsakeys, as well ased25519keys. This script can be used to verify this assumption by running a matrix of tests with different OpenSSH client versions and key types against a specified host. In practice, it should be run manually against a test XCP-ng server whenever the OpenSSH RPM package is updated, to ensure that we maintain compatibility with older clients.Requirements
It requires Docker or Podman to be installed.
Why here?
It was decided during the daily meeting that this was the right place for test scripts that are not integrated in the CI.
Why not integrated in the CI?
Having to depend on Docker/Podman has been deemed to heavy for a script that can be run manually whenever a new OpenSSH RPM package is built. An alternative to consider in the future would be to use a VM image from our lab instead of a docker container.