adding ssh public keys with lf in it

Mads Kiilerich mads at kiilerich.com
Sat Sep 26 16:59:40 UTC 2020 

(Note: please post to kallithea-general at sfconservancy.org - not to the 
-bounces address.)


Thanks for the report and patch.

Can you clarify exactly which problem you saw? Did you get a "nice" 
"Incorrect SSH key - failed to decode base64 part" message when adding 
the key? A correct and correctly shown message ... but not helpful? And 
you missed the error message and thought the key had been added 
successfully?


Some comments to the proposed fix:

Note that public keys can be added both by admin 
kallithea/controllers/admin/users.py and by users 
kallithea/controllers/admin/my_account.py . A fix of this kind would 
thus probably be better to have in shared code, for example in 
kallithea/model/ssh_key.py .

It seems like the added test will pass, also without the fix. The 
kallithea/model/db.py public_key setter will just decode using 
base64.b64decode which happens to happily ignore any kind of whitespace. 
I guess it would be better to test this change like we test ssh key 
adding in kallithea/tests/functional/test_admin_users.py and 
kallithea/tests/functional/test_my_account.py .


But back to the core of the problem:

The format of these ssh public keys is that they are one line. First the 
key type, then space, then the base64 encoded key, then optional space 
followed by anything that is a comment and ignored. I thus have some 
concerns of adding partial support for a non-standard format. Especially 
as this is security sensitive and we thus try to be paranoid. When 
parsing the base64 encoded part, we even have a "Incorrect SSH key - 
unexpected characters in base64 part" check to explicitly avoid newlines.

But we could perhaps do it anyway... Would 
https://kallithea-scm.org/repos/kallithea-incoming/changeset/d8ec9261cead78bb6f4768ebf7f82bd21c0d74fd 
work for you and fix your problem?

/Mads



On 9/25/20 9:50 AM, Ed Wong wrote:
> Hi, .
>
> I created a new user in a local Kallithea instance and added a public
> key to it and saved.
>
> Then I proceeded to try to clone from a different system using that
> user account's key.  No matter what I did, it kept on asking for
> a password.
> just
> Completely stumped me as I could clone off a different account,
> so I went to insspect the public key and realized that when
> I copy and pasted off a mingw terminal, it had included
> a bunch of \n.  I removed the \n and repasted the public_key.
>
> Then it allowed me to clone.
>
> I'm currently setting up a dev env to test if my fix is gonna
> work though I suspect it's a bit of a hack.  I've included
> it in this post for comment.
>
>
> Edmund
>
> diff -r c819a1e9103b kallithea/controllers/admin/users.py
> --- a/kallithea/controllers/admin/users.py      Mon Aug 24 15:02:16 2020
> +0200
> +++ b/kallithea/controllers/admin/users.py      Fri Sep 25 15:33:19 2020
> +0800
> @@ -446,10 +446,13 @@
>
>       @IfSshEnabled
>       def ssh_keys_add(self, id):
> +        def rem_newline(in_pub_key):
> +            return in_pub_key.replace("\r\n", "").replace("\n", "")
> +
>           c.user = self._get_user_or_raise_if_default(id)
>
>           description = request.POST.get('description')
> -        public_key = request.POST.get('public_key')
> +        public_key = rem_newline(request.POST.get('public_key'))
>           try:
>               new_ssh_key = SshKeyModel().create(c.user.user_id,
>                                                  description, public_key)
> diff -r c819a1e9103b kallithea/tests/models/test_user_ssh_keys.py
> --- a/kallithea/tests/models/test_user_ssh_keys.py      Mon Aug 24
> 15:02:16 2020 +0200
> +++ b/kallithea/tests/models/test_user_ssh_keys.py      Fri Sep 25
> 15:33:19 2020 +0800
> @@ -7,6 +7,10 @@
>
>   public_key = 'ssh-rsa
> AAAAB3NzaC1yc2EAAAADAQABAAAAgQC6Ycnc2oUZHQnQwuqgZqTTdMDZD7ataf3JM7oG2Fw8JR6cdmz4QZLe5mfDwaFwG2pWHLRpVqzfrD/Pn3rIO++bgCJH5ydczrl1WScfryV1hYMJ/4EzLGM657J1/q5EI+b9SntKjf4ax+KP322L0TNQGbZUHLbfG2MwHMrYBQpHUQ==
> kallithea at localhost'
> +public_key_with_lf = 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAA\n' + \
> +                   'AAgQC6Ycnc2oUZHQnQwuqgZqTTdMDZD7ataf3\n' +
> +
> 'JM7oG2Fw8JR6cdmz4QZLe5mfDwaFwG2pWHLRpVqzfrD/Pn3rIO++bgCJH5ydczrl1WScfryV1hYMJ/4EzLGM657J1/q5EI+b9SntKjf4ax+KP322L0TNQGbZUHLbfG2MwHMrYBQpHUQ==
> kallithea at localhost'
> +
>
>   class TestUserSshKeys(TestController):
>
> @@ -15,3 +19,9 @@
>           key_model.public_key = public_key
>           expected = 'Ke3oUCNJM87P0jJTb3D+e3shjceP2CqMpQKVd75E9I8'
>           assert expected == key_model.fingerprint
> +
> +    def test_line_feed_public_key(self):
> +        key_model = UserSshKeys()
> +        key_model.public_key = public_key_with_lf
> +        expected = 'Ke3oUCNJM87P0jJTb3D+e3shjceP2CqMpQKVd75E9I8'
> +        assert expected == key_model.fingerprint
>

More information about the kallithea-general mailing list