-
Notifications
You must be signed in to change notification settings - Fork 1.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
login: Make SSH known host key compatible with cockpit-beiboot
cockpit-ssh sends us full host keys, which the login page puts into localStore. ferny/cockpit-beiboot can't do that, as there is no portable way to tell ssh(1) to show full host keys. Make this check compatible: If the reference key in the db is a full host key (not including a `:`, which is invalid base64), but the key received from the auth bridge (cockpit-beiboot) is a fingerprint (starting with "SHA256:"), then compute the fingerprint of the reference key and compare it to the received fingerprint. There is an additional twist: cockpit-ssh and cockpit-beiboot/ssh don't always agree on the presented key type. We only store one host key (unlike ~/.ssh/known_hosts, which stores all of them), so if the DB and received key type don't match, then just treat the host as new/unseen, instead of the much more scary "host key changed" dialog.
- Loading branch information
1 parent
1d96c4e
commit 6a9a3e0
Showing
2 changed files
with
75 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters