You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The present AuthorizedKeysHelper removes the following characters/strings:
"[" (left square bracket)
"]" (right square bracket)
"'" (single quote)
"," (comma followed by space [not rendered correctly by markdown])
":" (colon, removed implicitly by awk)
All of them ARE valid if an SSH key is preceded by an options string: from="1.2.3.4,[2001:db8::/64]" ssh-rsa AAAA... command="/usr/local/foo --arg1='a, b' " ssh-rsa AAAA...
There are two potential solutions:
Keep the sshkey.cache format the same, only improve the script (A python rewrite perhaps)
Write out one sshkey per line, instead of an array as the second element; and improve the script. This has a side benefit of working better with the existing script.
The text was updated successfully, but these errors were encountered:
Implement a much more useful AuthorizedKeysCommand that does not have
the problems of the original shell version. The new command also
supports ways to filter the keys and do exact matches based on
information from the sshd (eg keytype/fingerprint/keyblob)
Bugs in the old shell version:
- did substring match on usernames instead of exact match
google#67
- Failed on keys with characters: [, ], :, ",", "'"
google#66
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
The present AuthorizedKeysHelper removes the following characters/strings:
[
" (left square bracket)]
" (right square bracket)'
" (single quote),
" (comma followed by space [not rendered correctly by markdown]):
" (colon, removed implicitly by awk)All of them ARE valid if an SSH key is preceded by an options string:
from="1.2.3.4,[2001:db8::/64]" ssh-rsa AAAA...
command="/usr/local/foo --arg1='a, b' " ssh-rsa AAAA...
There are two potential solutions:
The text was updated successfully, but these errors were encountered: