Use id_rsa/id_rsa.pub file naming convention and RSA format for best …

…portability.
educates · Feb 3, 2023 · acf06d8 · acf06d8
1 parent 1511ee5
commit acf06d8
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 22 deletions.
diff --git a/session-manager/handlers/workshopsession.py b/session-manager/handlers/workshopsession.py
@@ -691,19 +691,18 @@ def resolve_security_policy(name):
         encryption_algorithm=cryptography.hazmat.primitives.serialization.NoEncryption(),
     )
 
-    pem_public_key = private_key.public_key().public_bytes(
-        encoding=cryptography.hazmat.primitives.serialization.Encoding.PEM,
-        format=cryptography.hazmat.primitives.serialization.PublicFormat.SubjectPublicKeyInfo,
-    )
-
     rsa_public_key = private_key.public_key().public_bytes(
         encoding=cryptography.hazmat.primitives.serialization.Encoding.OpenSSH,
         format=cryptography.hazmat.primitives.serialization.PublicFormat.OpenSSH,
     )
 
-    ssh_private_key_pem = unencrypted_pem_private_key.decode("utf-8")
-    ssh_public_key_pem = pem_public_key.decode("utf-8")
-    ssh_public_key_rsa = rsa_public_key.decode("utf-8")
+    # pem_public_key = private_key.public_key().public_bytes(
+    #     encoding=cryptography.hazmat.primitives.serialization.Encoding.PEM,
+    #     format=cryptography.hazmat.primitives.serialization.PublicFormat.SubjectPublicKeyInfo,
+    # )
+
+    ssh_private_key = unencrypted_pem_private_key.decode("utf-8")
+    ssh_public_key = rsa_public_key.decode("utf-8")
 
     # For unexpected errors beyond this point we will set the status to say
     # things Failed since we can't really recover.
@@ -927,9 +926,8 @@ def resolve_security_policy(name):
         ingress_secret=INGRESS_SECRET,
         ingress_class=INGRESS_CLASS,
         storage_class=CLUSTER_STORAGE_CLASS,
-        ssh_private_key_pem=ssh_private_key_pem,
-        ssh_public_key_pem=ssh_public_key_pem,
-        ssh_public_key_rsa=ssh_public_key_rsa,
+        ssh_private_key=ssh_private_key,
+        ssh_public_key=ssh_public_key,
     )
 
     application_variables_list = workshop_spec.get("session").get("variables", [])
@@ -2377,8 +2375,10 @@ def _apply_environment_patch(patch):
             },
         },
         "data": {
-            "private.pem": base64.b64encode(ssh_private_key_pem.encode("utf-8")).decode("utf-8"),
-            "public.pem": base64.b64encode(ssh_public_key_pem.encode("utf-8")).decode(
+            "id_rsa": base64.b64encode(ssh_private_key.encode("utf-8")).decode(
+                "utf-8"
+            ),
+            "id_rsa.pub": base64.b64encode(ssh_public_key.encode("utf-8")).decode(
                 "utf-8"
             ),
         },

diff --git a/workshop-images/base-environment/opt/eduk8s/etc/setup.d/02-ssh-keys.sh b/workshop-images/base-environment/opt/eduk8s/etc/setup.d/02-ssh-keys.sh
@@ -6,21 +6,17 @@ set -eo pipefail
 # Don't run these steps again if we already have a SSH private key in place or
 # if there are no source SSH keys available.
 
-if [ -f $HOME/.ssh/id_rsa -o ! -f /opt/ssh-keys/private.pem ]; then
+if [ -f $HOME/.ssh/id_rsa -o ! -f /opt/ssh-keys/id_rsa ]; then
     exit 0
 fi
 
-# Copy the SSH private/public key file into place. We need to convert the public
-# key to rsa format in the process.
+# Copy the SSH host private/public key files into the home directory.
 
 mkdir -p $HOME/.ssh
 
 chmod 0700 $HOME/.ssh
 
-cp /opt/ssh-keys/private.pem $HOME/.ssh/id_rsa
+cp /opt/ssh-keys/id_rsa $HOME/.ssh/id_rsa
+cp /opt/ssh-keys/id_rsa.pub $HOME/.ssh/id_rsa.pub
 
-chmod 0600 $HOME/.ssh/id_rsa
-
-ssh-keygen -f /opt/ssh-keys/public.pem -i -m PKCS8 > $HOME/.ssh/id_rsa.pub
-
-chmod 0600 $HOME/.ssh/id_rsa.pub
+chmod 0600 $HOME/.ssh/id_rsa $HOME/.ssh/id_rsa.pub