Adding sk-ssh-ed25519 ssh keys through LDAP sync job, fails with 'type is forbidden. Must be RSA, ECDSA, ED25519, ECDSA_SK, or ED25519_SK'

Summary

It seems like adding sk-ssh-ed25519 keys through LDAP doesn't work as expected.

Steps to reproduce

Generate a public sk-ssh-ed25519, add it to your LDAP user, wait for Gitlab to sync. The following error message pops up after the Users sync job is done:

application_json.log:25112:{"severity":"INFO","time":"2023-06-14T10:30:03.778Z","correlation_id":"a2e388390541aefc81116603beb02ced","message":"Gitlab::Auth::Ldap::Access: adding LDAP SSH key \"ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPnI5pgZCsItcMh9e4lVK3CBP7cU0RbYnDzFE73dtdQnAAAABHNzaDo=\" to blah.blah (15)"}
application_json.log:25113:{"severity":"ERROR","time":"2023-06-14T10:30:03.795Z","correlation_id":"a2e388390541aefc81116603beb02ced","message":"Gitlab::Auth::Ldap::Access: failed to add LDAP SSH key \"ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPnI5pgZCsItcMh9e4lVK3CBP7cU0RbYnDzFE73dtdQnAAAABHNzaDo=\" to blah.blah (15)\nerror messages: {:fingerprint_sha256=\u003e[\"cannot be generated\"], :key=\u003e[\"type is forbidden. Must be RSA, ECDSA, ED25519, ECDSA_SK, or ED25519_SK\"]}"}

judging by the log it seems like the parser is broken since it removes the 'sk-' prefix from the public key, ie:

sk-ssh-ed25519@openssh.com vs ssh-ed25519@openssh.com, note the whole public key is:

sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPnI5pgZCsItcMh9e4lVK3CBP7cU0RbYnDzFE73dtdQnAAAABHNzaDo=

and not

ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPnI5pgZCsItcMh9e4lVK3CBP7cU0RbYnDzFE73dtdQnAAAABHNzaDo=

I believe this is the parser with the wrong lines of code (perhaps the regex needs to account for the sk- prefix):

          def ssh_keys
            if config.sync_ssh_keys? && entry.respond_to?(config.sync_ssh_keys)
              entry[config.sync_ssh_keys.to_sym]
                .map { |key| key[/(ssh|ecdsa)-[^ ]+ [^\s]+/] }
                .compact
            else
              []
            end
          end

What is the current bug behavior?

The key doesn't get added as expected.

What is the expected correct behavior?

The key should be in the user interface after syncing with the LDAP service.

Relevant logs and/or screenshots

Please see the original description.

Output of checks

Results of GitLab environment info

Expand for output related to GitLab environment info

(For installations with omnibus-gitlab package run and paste the output of: \\\\\\\`sudo gitlab-rake gitlab:env:info\\\\\\\`) (For installations from source run and paste the output of: \\\\\\\`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production\\\\\\\`)

Results of GitLab application Check

Expand for output related to the GitLab application check

(For installations with omnibus-gitlab package run and paste the output of: \\\`sudo gitlab-rake gitlab:check SANITIZE=true\\\`) (For installations from source run and paste the output of: \\\`sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true\\\`) (we will only investigate if the tests are passing)

Possible fixes

See the description above.