argocd-operator icon indicating copy to clipboard operation
argocd-operator copied to clipboard

Published 20 hours ago verified publisher icon argoproj-labs

fix: add missing github.com host keys

Open raelga opened this issue 2 years ago • 5 comments

What type of PR is this?

/kind enhancement

What does this PR do / why we need it:

Adds the missing Github.com keys added after https://github.blog/2021-09-01-improving-git-protocol-security-github/. Those keys are required to connect to Github.com, otherwise it raises the following error: error testing repository connectivity: ssh: handshake failed: knownhosts: key mismatch

time="2022-07-14T19:00:17Z" level=info msg="Alloc=9943 TotalAlloc=29697 Sys=28753 NumGC=10 Goroutines=15"

The default known_hosts list was already updated in ArgoCD with https://github.com/argoproj/argo-cd/pull/7722

Have you updated the necessary documentation?

N/A

Which issue(s) this PR fixes:

N/A

How to test changes / Special notes to the reviewer:

raelga avatar Jul 14 '22 19:07 raelga

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Jul 14 '22 19:07 CLAassistant

cc @jomkz @iam-veeramalla

raelga avatar Aug 05 '22 13:08 raelga

@raelga Thanks for the PR :). Do you think we should remove the existing RSA key for github.com in the defaults.go ?

iam-veeramalla avatar Aug 05 '22 13:08 iam-veeramalla

@raelga Thanks for the PR :). Do you think we should remove the existing RSA key for github.com in the defaults.go ?

@raelga what do you think ?

iam-veeramalla avatar Sep 01 '22 08:09 iam-veeramalla

Hey @iam-veeramalla,

Let me check the GitHub.com documentation to review with keys can be removed safely and update th PR.

raelga avatar Sep 01 '22 10:09 raelga

It seems that RSA is still in use:

> ssh-keyscan github.com
# github.com:22 SSH-2.0-babeld-408889af
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
# github.com:22 SSH-2.0-babeld-408889af
# github.com:22 SSH-2.0-babeld-408889af
# github.com:22 SSH-2.0-babeld-408889af
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
# github.com:22 SSH-2.0-babeld-408889af
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=

Is there any workaround this issue until this gets merged (except manually adjusting argocd-ssh-known-hosts-cm CM with)?

BostjanBozic avatar Dec 20 '22 11:12 BostjanBozic

If is still in use, we can just merge this PR.

raelga avatar Dec 20 '22 14:12 raelga