hashicorp / terraform-provider-tls

Utility provider that works with Transport Layer Security keys and certificates. It provides resources that allow private keys, certificates and certificate requests to be created as part of a Terraform deployment.
https://registry.terraform.io/providers/hashicorp/tls/latest
Mozilla Public License 2.0
181 stars 103 forks

Support for rsa-sha2-256 and rsa-sha2-512 signature algorithms #502

Open cveld opened 2 months ago

cveld commented 2 months ago

Terraform CLI and Provider Versions

1.8.1

Use Cases or Problem Statement

To connect through ssh with Azure Repos, a key is required with either rsa-sha2-256 or rsa-sha2-512 signature algorithm.

Proposal

Please add an option in the resource tls_private_key to target one of these signatures.

How much impact is this issue causing?

High

Additional Information

No response

Code of Conduct

cveld commented 2 months ago

It seems this is an irrelevant request. Based on https://superuser.com/questions/1556852/how-to-check-if-your-ssh-keys-are-in-the-ssh-rsa2-format, it seems that the key is already rsa and that it is really the client that selects the desired signature algorithm. Can you confirm?

msterin commented 2 months ago

> It seems this is an irrelevant request. Based on https://superuser.com/questions/1556852/how-to-check-if-your-ssh-keys-are-in-the-ssh-rsa2-format, it seems that the key is already rsa and that it is really the client that selects the desired signature algorithm. Can you confirm?

It does not look that way. Here is the MSFT statement about RSA algorithm deprecation in Azure Repos. They require keys generated with the RSA-SHA2-256 or RSA-SHA2-512 cipher (e.g. -t rsa-sha2-512 in ssh-keygen). The one generated as -t rsa is throttled and will be declined RSN, no matter the client.
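For readers weighing the two comments above, here is what the names mean at the protocol level. RFC 8332 defines rsa-sha2-256 and rsa-sha2-512 as signature algorithms (SHA-256 or SHA-512 with PKCS#1 v1.5) that use the unchanged "ssh-rsa" public key format: the key blob a server stores is the key type string plus the two integers e and n, and the hash is named only in the signature the client sends during authentication. The following Go program is an added example, not code from the provider or from either commenter; it uses only the standard library, the function names (SSHRSAPublicBlob, SignSSH, VerifySSH, Demo) and the signed sample data are my own constructions, and it generates one ordinary RSA key, signs with it under both SHA-2 names, verifies both signatures, and refuses the legacy SHA-1 name for that same key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/binary"
	"fmt"
	"math/big"
)

// sshString encodes a byte string in SSH wire format (RFC 4251 "string").
func sshString(b []byte) []byte {
	out := make([]byte, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	copy(out[4:], b)
	return out
}

// sshMpint encodes a positive integer as an SSH "mpint" (leading zero when the high bit is set).
func sshMpint(n *big.Int) []byte {
	b := n.Bytes()
	if len(b) > 0 && b[0]&0x80 != 0 {
		b = append([]byte{0}, b...)
	}
	return sshString(b)
}

// SSHRSAPublicBlob builds the "ssh-rsa" public key blob (RFC 4253 section 6.6):
// string "ssh-rsa", mpint e, mpint n. It is what a server stores; it names no hash.
func SSHRSAPublicBlob(pub *rsa.PublicKey) []byte {
	blob := sshString([]byte("ssh-rsa"))
	blob = append(blob, sshMpint(big.NewInt(int64(pub.E)))...)
	return append(blob, sshMpint(pub.N)...)
}

// hashFor maps an RFC 8332 signature name to its hash over data; legacy "ssh-rsa" (SHA-1) is refused.
func hashFor(algo string, data []byte) (crypto.Hash, []byte, error) {
	switch algo {
	case "rsa-sha2-256":
		d := sha256.Sum256(data)
		return crypto.SHA256, d[:], nil
	case "rsa-sha2-512":
		d := sha512.Sum512(data)
		return crypto.SHA512, d[:], nil
	}
	return 0, nil, fmt.Errorf("rejected signature algorithm %q", algo)
}

// SignSSH signs data under the given name; the name picks the hash, the key is unchanged.
func SignSSH(priv *rsa.PrivateKey, algo string, data []byte) ([]byte, error) {
	h, digest, err := hashFor(algo, data)
	if err != nil {
		return nil, err
	}
	return rsa.SignPKCS1v15(rand.Reader, priv, h, digest)
}

// VerifySSH checks a signature together with the algorithm name sent alongside it.
func VerifySSH(pub *rsa.PublicKey, algo string, sig, data []byte) error {
	h, digest, err := hashFor(algo, data)
	if err != nil {
		return err
	}
	return rsa.VerifyPKCS1v15(pub, h, digest, sig)
}

// Demo generates one ordinary RSA key and reports, per algorithm name, whether
// a signature under that name verifies against it (constructed sample data).
func Demo() (map[string]bool, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	data := []byte("constructed session identifier to sign")
	result := map[string]bool{}
	for _, algo := range []string{"rsa-sha2-256", "rsa-sha2-512"} {
		sig, err := SignSSH(priv, algo, data)
		if err != nil {
			return nil, err
		}
		result[algo] = VerifySSH(&priv.PublicKey, algo, sig, data) == nil
	}
	// The same key presented under the legacy name is refused before any RSA math runs.
	result["ssh-rsa"] = VerifySSH(&priv.PublicKey, "ssh-rsa", nil, data) == nil
	return result, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println(r) // map[rsa-sha2-256:true rsa-sha2-512:true ssh-rsa:false]
}
```

Running it shows the three results above for a single key; SSHRSAPublicBlob on that key yields the same blob whichever signature name is later used, which is why a server-side policy such as the Azure Repos deprecation is enforced by rejecting the signature name a client offers, not by inspecting the stored key.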