author | Guilhem Moulin <guilhem@libreoffice.org> | 2020-01-15 06:00:36 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@libreoffice.org> | 2020-01-16 00:01:03 +0100 |
commit | 1e6428deed42a1ede1d5adbef5676438e6e9e898 (patch) | |
tree | 51a7f9c119c0b730c3fdfae0860aa5cbfe58dfcf /reportbuilder | |
parent | 9276b117355c098bdfbe3cfa207aca869bf4bd01 (diff) |
logerrit setup: refactor key-based SSH handling

* Don't select existing ~/.ssh/id_dsa.pub. Since 7.0 (released
2015-08-11) OpenSSH servers won't accept DSA user keys anyway, so
users have likely rotated their legacy key material by now.
* The pubkey to copy into gerrit is derived from the first existing file
among ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519, and ~/.ssh/id_rsa. These
algorithms are ordered as found in PubkeyAcceptedKeyTypes' default
value as of OpenSSH 8.1. (EC keys are only supported since Gerrit
1.14.) Generate an RSA key when ~/.ssh doesn't exist, as before,
since it's still the default in ssh-keygen(1) from OpenSSH 8.1.
* In the ssh_config(5) stanza, only include the IdentityFile when
the private key file exists. The private key material might reside
somewhere else, for instance in a smartcard or in an external agent's
key store; in both cases the ssh client can authenticate the user
without direct access to the key material. While it's possible to
set IdentityFile to a pubkey (with IdentitiesOnly={yes,no}) it's not
documented and thus shouldn't be used.

Change-Id: Id73a2798747ce5c394b0cf2d0dc40107a1f2c599
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86858
Reviewed-by: Guilhem Moulin <guilhem@libreoffice.org>
Tested-by: Guilhem Moulin <guilhem@libreoffice.org>
Diffstat (limited to 'reportbuilder')
0 files changed, 0 insertions, 0 deletions
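
The key selection and conditional IdentityFile behaviour described in the commit message, sketched as an added example (this is not the logerrit script or any code from the commit). The function names, the `logerrit` host alias, the HostName and Port values, and the user `alice` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the logerrit script itself.

# Print the path of the first existing private key, trying the types in the
# order the commit message gives: ecdsa, ed25519, rsa. id_dsa is never tried.
# $1: SSH directory (assumption: defaults to ~/.ssh).
select_private_key() {
    ssh_dir=${1:-"$HOME/.ssh"}
    for key_type in ecdsa ed25519 rsa; do
        if [ -f "$ssh_dir/id_$key_type" ]; then
            printf '%s\n' "$ssh_dir/id_$key_type"
            return 0
        fi
    done
    return 1   # no usable key file (smartcard, agent-only or DSA-only setup)
}

# Print an ssh_config(5) stanza for Gerrit.
# $1: SSH directory, $2: Gerrit user name.
# Host alias, HostName and Port are assumed values, not taken from the commit.
print_stanza() {
    stanza_dir=$1
    stanza_user=$2
    printf 'Host logerrit\n'
    printf '    HostName gerrit.libreoffice.org\n'
    printf '    Port 29418\n'
    printf '    User %s\n' "$stanza_user"
    # IdentityFile is emitted only when a private key file exists on disk;
    # otherwise ssh is left to authenticate through an agent or a token.
    if key_path=$(select_private_key "$stanza_dir"); then
        printf '    IdentityFile %s\n' "$key_path"
    fi
}

# Constructed demo: a directory holding a legacy DSA key and an RSA key.
demo_dir=$(mktemp -d)
: > "$demo_dir/id_dsa"
: > "$demo_dir/id_rsa"
print_stanza "$demo_dir" alice   # IdentityFile points at id_rsa, not id_dsa
rm -rf "$demo_dir"
```
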