-
Notifications
You must be signed in to change notification settings - Fork 5.8k
Fix generating SSH key fingerprints with OpenSSH 6.8. #9008
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
|
@jacobvosmaer Can you take a look? |
|
The new format has "MD5:" prepended which parsed successfully but incorrectly, preventing users from using the SSH key, so I fixed that too. |
|
Thanks for looking into this @sstanovnik |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This regex code looks a little wonky to me. I wonder if we can just pick out the MD5 fingerprint with something like:
# constant should be defined somewhere at the top of the class
FINGERPRINT_REGEX = Regexp.new('\h{2}:' * 15 + '\h{2}') # 16 hex bytes separated by ':'
self.fingerprint = cmd_output.scan(FINGERPRINT_REGEX).firstThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On the other hand, anchoring against the MD5 prefix seems like a nice defensive idea.
|
I like the basic idea but I am not 100% sure about the code style. What do you think @vsizov ? |
|
@jacobvosmaer It looks good for me. |
|
Already first issue reported related to this https://gitlab.com/gitlab-org/gitlab-ce/issues/1289 |
|
@vsizov @jacobvosmaer Any updates? |
|
I've cleaned the code up somewhat and posted a new MR to gitlab.com: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/519 Thanks for your contribution @sstanovnik, I've credited you in the changelog. |
Fix generating SSH key fingerprints with OpenSSH 6.8. Replaces #9008. Fixes gitlab-org/gitlab-ce#1289. cc @jacobvosmaer See merge request !519
|
In case my quickfix is useful to anyone else: Tempfile.open('gitlab_key_file') do |file|
file.puts key
file.rewind
cmd_output, cmd_status = popen(%W(ssh-keygen -E md5 -lf #{file.path}), '/tmp')
end
if cmd_status.zero?
puts "cmd_status was zero"
cmd_output.match /MD5:(([\d\h]{2}:)+[\d\h]{2})/ do |match|
self.fingerprint = match[1]
end
end |
|
This got fixed in GitLab 7.10 |
OpenSSH 6.8 introduces a new feature that changes the default fingerprint format and algorithm used by
ssh-keygen. This breaks adding new SSH keys, because GitLab expects the colon-delimited format.The message the user sees on the Add an SSH Key screen is "Fingerprint cannot be generated", similar to #7413, but the underlying cause is different.
This change checks the OpenSSH version and explicitly specifies the previous format if needed.