Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSH key validation #108

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

SSH key validation #108

wants to merge 3 commits into from

Conversation

Kage
Copy link

@Kage Kage commented May 6, 2017

I updated the SSH Key page to support key bit size checking, as well as some updates for better wording.

I have not yet done the additional languages. I can do that in a separate pull request if desired, though be warned it will be through Google Translate. ;)

Edit: Looks like I have to do translations. @_@ Ok, one moment...

@Kage Kage changed the title Updating SSH Key page for validation SSH key validation May 6, 2017
@coudot coudot added this to the 1.1 milestone May 6, 2017
@coudot
Copy link
Member

coudot commented May 6, 2017

Thanks a lot, I will look at it.

@Kage
Copy link
Author

Kage commented May 8, 2017

Just pushed an update, because somehow I forgot functions.inc.php :/

Copy link
Member

@plewin plewin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other types of keys need to be considered before merging this. Also unit testing of the function that validates the keys would be greatly appreciated.

echo "<div class=\"help alert alert-warning\">\n";
echo "<p>".$messages["sshkeypolicy"]."</p>\n";
echo "<ul>\n";
if ( $sshkey_min_bits ) { echo "<li>".$messages["sshkeypolicyminbits"] ." $sshkey_min_bits</li>\n"; }
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are uneeded extra spaces here.

@@ -239,6 +260,29 @@ function check_password_strength( $password, $oldpassword, $pwd_policy_config, $
return $result;
}

function check_sshkey( $ssh_pubkey, $sshkey_policy_config ) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function needs unit testing with different keys and policies.

$parts = explode(' ', $ssh_pubkey);

# Check this gave us at least two parts, and SSH key type is valid
if (count($parts) < 2 || $parts[0] != 'ssh-rsa') { return "keyinvalid"; }
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The function considers all non rsa keys as invalid. I do not think it is acceptable to disallow other types of keys : dsa, ecdsa and ed25519.

@coudot
Copy link
Member

coudot commented Jul 12, 2017

@Kage and @plewin, do you think you will have time to work on this feature?

@coudot coudot modified the milestones: Future, 1.1 Aug 30, 2017
@Kage
Copy link
Author

Kage commented Oct 24, 2017

Completely forgot about this, I'll look into it soon. :P

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants