Remove usage of obsolete trilead-putty key

[olamy]

Signed-off-by: Olivier Lamy [email protected]

Testing done

Submitter checklist

Preview Give feedback

1. Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
2. Ensure that the pull request title represents the desired changelog entry
3. Please describe what you did
4. Link to relevant issues in GitHub or Jira
5. Link to relevant pull requests, esp. upstream and downstream changes
6. Ensure you have provided tests - that demonstrates feature works or fixes the issue

[jtnord]

I have no idea how often putty style keys are used (mostly generated from windows users I guess), but if we need to the spec is public.

[jglick]

Following up #199 I guess.

[jglick]

I think you want to break out of the outer loop (meaning adding a label) rather than the inner loop. Otherwise for a PuTTY key you will add two entries to privateKeys.

(Is there no test coverage for this?)

[olamy]

well I'm really tempted to remove this putty key extension as this is not up to date and doesn't even work with current version of PuTTy.
using something such puttygen -t rsa -b 2048 -o mykey.ppk uttygen -t rsa -b 2048 -o mykey.ppk
you get a file starting with

PuTTY-User-Key-File-3: ssh-rsa

This key will simply generate a NPE because of this line https://github.com/kohsuke/trilead-putty-extension/blob/e928d8b5cc80a35d521b05e8256bdd5100cba616/src/main/java/org/kohsuke/putty/PuTTYKey.java#L149

So I'm just tempted to remove this code which simply doesn't work anymore...

[jtnord]

FTR v3 was released with 0.75 which was 2021-05-08 so it almost 3 years ago.

[olamy]

So, in the last 3 years, no single key created with PuTTy could have been used.
I couldn't find any issue reported in Jira...
It looks like we can remove the support of the PuTTy key format.
I'm not sure why someone re-invented the wheel by inventing another format.

https://xkcd.com/927/

[jtnord]

Seems reasonable to remove, but I'm sure someone will be using an old V2 key from a server configured long ago...
Not sure why putty keys were not using a different Key source to begin with though

[olamy]

Seems reasonable to remove, but I'm sure someone will be using an old V2 key from a server configured long ago...

Easy bet to win :)

[jtnord]

Seems reasonable to me, but will delay merging to let others have an opinion

[salsifis]

Seems reasonable to remove, but I'm sure someone will be using an old V2 key from a server configured long ago... Not sure why putty keys were not using a different Key source to begin with though

I can announce that you won your bet :)

Here is, for those who will encounter this problem, how to convert your older PuTTY credentials to more standard ones:

• Open PuTTYgen
• Load your key in the PuTTY format (.ppk) using the passphrase
• Click “Conversions” › Export OpenSSH key (force new file format)

The resulting file can be used as the private key in a new credentials entry, with the same passphrase.

[jglick]

@salsifis I took the liberty of adding your instructions (unconfirmed) to https://github.com/jenkinsci/ssh-credentials-plugin/releases/tag/334.v7732563deee1 for better discoverability. @olamy / @jtnord should this be reverted and the originally proposed extension point reintroduced?

[jtnord]

. @olamy / @jtnord should this be reverted and the originally proposed extension point reintroduced?

I am in 2 minds here.
on the one hand I do not like breaking things,
on the other the ep (and the old code as implemented) seemed to violate the kiss principal, and the UI does not purport to support these keys (nor does it purport to support OpenSSH keys - so that may be a moot point, however it is producing only OpenSSH based keys for use).

[olamy]

@salsifis congratulations! bravo :)
I agree it's usually not a good idea to break things.
But here the putty key support is kind of obscure (not even clearly documented and coming transitively from some libraries called trilead-....) and really poor as we do not support keys generated by the last version of Putty.
The migration of the key looks to be very easy and thanks @jglick adding it to the release notes.

[salsifis]

@olamy @jtnord

In my opinion the main problem here is that this end of support was not announced (no warnings or whatever in the Jenkins interface). We had to look at the Jenkins logs and do some research to understand why an update caused the jobs to abort.

It would be better to have warnings if deprecations are on the table.

[jtnord]

@olamy can you add the compatable-since to the hpi plugin configuration (denoting the first version that removed the support) - that way it will at least get the warning to prompt users to go to the release notes.

[olamy]

That sounds like a good idea. #202