diff --git a/changelogs/fragments/ansible-test-ssh-keygen-fix.yml b/changelogs/fragments/ansible-test-ssh-keygen-fix.yml
new file mode 100644
index 00000000000..a6803510ff3
--- /dev/null
+++ b/changelogs/fragments/ansible-test-ssh-keygen-fix.yml
@@ -0,0 +1,2 @@
+bugfixes:
+ - ansible-test now updates SSH keys it generates with newer versions of ssh-keygen to function with Paramiko
diff --git a/test/lib/ansible_test/_data/setup/remote.sh b/test/lib/ansible_test/_data/setup/remote.sh
index 79552594582..4cb8a233008 100644
--- a/test/lib/ansible_test/_data/setup/remote.sh
+++ b/test/lib/ansible_test/_data/setup/remote.sh
@@ -85,6 +85,11 @@ fi
 if [ ! -f "${HOME}/.ssh/id_rsa.pub" ]; then
 ssh-keygen -m PEM -q -t rsa -N '' -f "${HOME}/.ssh/id_rsa"
+ # newer ssh-keygen PEM output (such as on RHEL 8.1) is not recognized by paramiko
+ touch "${HOME}/.ssh/id_rsa.new"
+ chmod 0600 "${HOME}/.ssh/id_rsa.new"
+ sed 's/\(BEGIN\|END\) PRIVATE KEY/\1 RSA PRIVATE KEY/' "${HOME}/.ssh/id_rsa" > "${HOME}/.ssh/id_rsa.new"
+ mv "${HOME}/.ssh/id_rsa.new" "${HOME}/.ssh/id_rsa"
 cp "${HOME}/.ssh/id_rsa.pub" "${HOME}/.ssh/authorized_keys"
 for key in /etc/ssh/ssh_host_*_key.pub; do
 pk=$(cat "${key}")
diff --git a/test/lib/ansible_test/_internal/core_ci.py b/test/lib/ansible_test/_internal/core_ci.py
index ab00b335db9..0cc821912a8 100644
--- a/test/lib/ansible_test/_internal/core_ci.py
+++ b/test/lib/ansible_test/_internal/core_ci.py
@@ -4,6 +4,7 @@ __metaclass__ = type
 import json
 import os
+import re
 import traceback
 import uuid
 import errno
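Review bot: The `sed` expression in the remote.sh hunk uses `\|` alternation inside a basic regular expression, which is a GNU extension; a sed without it is likely to match nothing, so the key would silently stay in the format paramiko rejects. Two plain substitutions avoid that: `sed -e 's/BEGIN PRIVATE KEY/BEGIN RSA PRIVATE KEY/' -e 's/END PRIVATE KEY/END RSA PRIVATE KEY/'`. The `mv` also runs whether or not `sed` succeeded, so joining the two commands with `&&` would keep a failed rewrite from replacing the private key with an empty or partial file (unless the script already runs under `set -e`, which is not visible here). Creating `id_rsa.new` with `touch` and `chmod 0600` before the redirect is the right order, because the copy of the private key never exists with a wider mode.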
@@ -631,6 +632,13 @@ class SshKey:
 if not os.path.isfile(key) or not os.path.isfile(pub):
 run_command(args, ['ssh-keygen', '-m', 'PEM', '-q', '-t', 'rsa', '-N', '', '-f', key])
+ # newer ssh-keygen PEM output (such as on RHEL 8.1) is not recognized by paramiko
+ with open(key, 'r+') as key_fd:
+ key_contents = key_fd.read()
+ key_contents = re.sub(r'(BEGIN|END) PRIVATE KEY', r'\1 RSA PRIVATE KEY', key_contents)
+ key_fd.seek(0)
+ key_fd.write(key_contents)
+
 return key, pub
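Review bot: The rewrite in `SshKey` puts the modified text back with `key_fd.seek(0)` and `key_fd.write(key_contents)` but never truncates, which is correct only because this substitution can never shorten the file; adding `key_fd.truncate()` after the write removes that dependence on the pattern. Opening the existing file with `'r+'` keeps whatever mode ssh-keygen gave the private key, and that deserves a comment so a later refactor does not switch to recreating the file under the default umask. The comment could also state that only the PEM label changes, for example `# relabel only: the key body is not re-encoded, so the reader must accept it as-is`. Indentation is not visible in this view, so whether the block runs only for freshly generated keys cannot be confirmed from the hunk, and the method starts above it.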