Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New SSH keys with comments including whitespace are truncated #1622

Closed
JeffMelton opened this issue Sep 11, 2015 · 6 comments
Closed

New SSH keys with comments including whitespace are truncated #1622

JeffMelton opened this issue Sep 11, 2015 · 6 comments
Labels
💊 bug Something isn't working
Milestone
0.7.0

Comments

@JeffMelton
Copy link

Steps to recreate:

  • Create a new SSH key: ssh-keygen -t rsa -b 4096 -C "comment with whitespace"
  • Copy new key to clipboard: xclip -sel clip < ~/.ssh/id_rsa.pub
  • Add it to a user's authorized keys via GoGS web GUI
    • Account Settings -> SSH Keys -> Add Key
    • paste clipboard contents
    • name key
    • Add Key
  • Attempt to authenticate: ssh -T git@example.com

Expected behavior:

  • GoGS should not truncate comments on whitespace.
  • From sshd(8) (emphasis mine):

Bits, exponent, and modulus are taken directly from the RSA host key; they can be obtained, for example, from /etc/ssh/ssh_host_key.pub. The optional comment field continues to the end of the line, and is not used.

I've looked at the git user's authorized_keys file on my server, and can confirm that the comment is truncated at the first whitespace. If one creates a new SSH key without comment, or without whitespace, i.e. ssh-keygen -t rsa -b 4096 -C "comment_without_whitespace", and follows the same steps as above for adding the key to the GoGS user, one is able to authenticate successfully.

(updates for clarity and more info)
@unknwon unknwon added the 💊 bug Something isn't working label Sep 11, 2015
@unknwon
Copy link
Member

unknwon commented Sep 11, 2015

Thanks your feedback!

Simple question first:

Does truncated SSH key make you unable to git push/pull through SSH?

@unknwon unknwon added this to the 0.7.0 milestone Sep 11, 2015
@JeffMelton
Copy link
Author

That's correct. All repo access is denied.

@JeffMelton
Copy link
Author

With apologies, I'd forgotten to check which version of GoGS I was running. I've updated now to 0.6.11, and can confirm that key comments are still being truncated but -- for reasons unclear to me -- I'm able to authenticate successfully.

I'd say there's still a bug, in that comments shouldn't be truncated, but that its severity is diminished somewhat.

Again, sorry for filing an issue against an older version.

Other info:
git version 1.7.10.4
Linux 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u3 x86_64 GNU/Linux

unknwon added a commit that referenced this issue Sep 12, 2015
@unknwon
#1622 comment with whitespace
d185f60
@unknwon
Copy link
Member

unknwon commented Sep 12, 2015

Hi @JeffMelton thanks for following up!

I've pushed a fix on master, please help test again!

@unknwon unknwon added the status: needs feedback Tell me more about it label Sep 12, 2015
@JeffMelton
Copy link
Author

Yes, that seems to have done the trick. Thanks!

@unknwon
Copy link
Member

unknwon commented Sep 13, 2015

@JeffMelton Awesome, thanks your confirmation!

@unknwon unknwon removed the status: needs feedback Tell me more about it label Sep 13, 2015
@unknwon unknwon modified the milestones: 0.8.0, 0.7.0 Oct 24, 2015
richmahn referenced this issue in unfoldingWord/dcs May 1, 2017
@lunny
bug fixed for API to get user's repos (#1622)
61b08b5 
* bug fixed for API to get user's repos

* add tests and fix another place

* test user2 since user1 has no repos
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 14, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
💊 bug Something isn't working
Projects
None yet
Milestone
0.7.0
Development

No branches or pull requests
2 participants
@JeffMelton @unknwon