-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] ssh_auth.present.source doesn't work with key types containing @ or . #61299
Comments
Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar. |
Does it work without the It's not clear why the regex is written like that. I'd use something like
|
I just tested and it only works with the @openssh.com suffix. This is a key type that was added about two years ago to support U2F/FIDO keys (more info here) and my guess is that the current implementation in OpenSSH-specific rather than part of a standard, so they added a suffix to denote that. |
It looks like providing a |
It seems that this does still not work as of v3005, at least for |
It also fails with |
Note that the duplicate #64723 issue mentions a couple points where a fix could be applied, including a couple suggested regexp changes |
I tried to reproduce the problem with the content provided by @FineTralfazz and the missing key now appears in the file. is already this fixed? or not how can I reproduce it? |
Description
When using a key with a type containing
@
or.
the regex doesn't correctly capture the key, so it doesn't end up on the target.Setup
SLS file:
Contents of
salt://configs/authorized_keys
:The file that gets dropped on the target hosts:
Steps to Reproduce the behavior
^ Use that SLS and authorized_keys file.
Expected behavior
The whole file is added to the target hosts.
Versions Report
salt --versions-report
(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)Additional context
I played around with the regex in
ssh_auth.py
and I think changing it to^(.*?)\s?((?:sk-)?(?:ssh\-|ecds)[@\.\w-]+\s.+)$
would fix the problem. But I'm not familiar enough with the codebase to confidently submit a PR, so I'm hoping an active contributor can confirm and fix it.The text was updated successfully, but these errors were encountered: