adding ssh public keys with lf in it

Ed Wong cc at pw-wspx.org
Mon Sep 28 00:03:02 UTC 2020


Mads Kiilerich wrote:
> (Note: please post to kallithea-general at sfconservancy.org - not to the
> -bounces address.)
> 
My bad, sorry Mads.

> 
> Thanks for the report and patch.
> 
> Can you clarify exactly which problem you saw? Did you get a "nice"
> "Incorrect SSH key - failed to decode base64 part" message when adding
> the key? A correct and correctly shown message ... but not helpful? And
> you missed the error message and thought the key had been added
> successfully?

The key was added successfully without any errors.  When I reload the
account's ssh keys, it shows the added key.

> 
> It seems like the added test will pass, also without the fix. The
> kallithea/model/db.py public_key setter will just decode using
> base64.b64decode which happens to happily ignore any kind of whitespace.
> I guess it would be better to test this change like we test ssh key
> adding in kallithea/tests/functional/test_admin_users.py and
> kallithea/tests/functional/test_my_account.py .

Yeah, I'm still working on the patch but haven't gotten my dev
env setup properly yet.   Thanks to Patrick though, I'm closer. :)
So the tests aren't failing as I am hoping as I've forgotten
how the tests are setup.


> 
> But back to the core of the problem:
> 
> The format of these ssh public keys is that they are one line. First the
> key type, then space, then the base64 encoded key, then optional space
> followed by anything that is a comment and ignored. I thus have some
> concerns of adding partial support for a non-standard format. Especially
> as this is security sensitive and we thus try to be paranoid. When
> parsing the base64 encoded part, we even have a "Incorrect SSH key -
> unexpected characters in base64 part" check to explicitly avoid newlines.
> 
> But we could perhaps do it anyway... Would
> https://kallithea-scm.org/repos/kallithea-incoming/changeset/d8ec9261cead78bb6f4768ebf7f82bd21c0d74fd
> work for you and fix your problem?
Will test it out locally.

Edmund


More information about the kallithea-general mailing list