[Nix-dev] Possible bug in ssh key module

Christian Theune ct at flyingcircus.io
Tue May 12 10:33:34 CEST 2015


Hi,

Correct me if I’m wrong but SSH keys do not have a strong syntax, and aside from “there’s less than <ssh-rsa…><space><somethingnonspace>” there isn’t much you can check for.

Specifically as the comment field can contain pretty much anything and you can’t check the key data for validity on a semantic basis AFAIK.

Christian

> On 12 May 2015, at 10:27, Tomasz Kontusz <tomasz.kontusz at gmail.com> wrote:
> 
> Oops, replied to the wrong address.
> 
> From: Tomasz Kontusz <tomasz.kontusz at gmail.com>
> Sent: Tue May 12 10:25:21 CEST 2015
> To: Anand Patil <anand.prabhakar.patil at gmail.com>
> Subject: Re: [Nix-dev] Possible bug in ssh key module
> 
> It would still be nice if the middle yelled at you instead of using obviously wrong inputs.
> 
> Actually, is there any practice already in place for this kind of checks? Like how picky should they be, and should they be overridable?
> 
> Anand Patil <anand.prabhakar.patil at gmail.com> wrote:
> Hi Bas, yep, it was just that. Sorry for the false alarm.
> 
> Thanks,
> Anand
> 
> On Mon, May 11, 2015 at 12:52 AM, Bas van Dijk <v.dijk.bas at gmail.com> wrote:
> On 11 May 2015 at 04:45, Anand Patil <anand.prabhakar.patil at gmail.com> wrote:
> Hi everyone,
> 
> 
> Just wanted to point out a small possible bug in NixOS version
> 15.05pre61966.75ebc3c (Dingo). I noticed that when I add an
> authorizedKeys option to my user like so:
> 
> openssh.authorizedKeys.keys = [ "ssh-rsa stuff" ];
> 
> the contents of /etc/ssh/authorized_keys.d/anand look like
> 
> ssh-rsa
> stuff
> 
> with a newline after the "ssh-rsa",
> 
> Hi Anand,
> 
> The implementation looks correct. It only adds newlines between the keys:
> 
> https://github.com/NixOS/nixpkgs/blob/75ebc3cf1dc1365be5a05018fc8e5409c66025cb/nixos/modules/services/networking/ssh/sshd.nix#L55
> 
> Are you sure your string doesn't contain a newline? Maybe your text
> editor added a newline when it wrapped the string.
> 
> Bas
> 
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
> 
> --
> Sent with K-9 Mail.

—
Christian Theune · ct at flyingcircus.io · +49 345 219401 0
Flying Circus Internet Operations GmbH · http://flyingcircus.io
Forsterstraße 29 · 06112 Halle (Saale) · Deutschland
HR Stendal HRB 21169 · Geschäftsführer: Christian Theune, Christian Zagrodnick
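
A sketch of the kind of input check discussed in this thread, as an added example that is not part of the original messages or of nixpkgs: it rejects entries with an embedded line break (the cause of the report quoted above) and compares the declared key type with the length-prefixed type name stored at the start of the base64 key blob. The function names, the accepted type list and the sample entries are assumptions made for illustration, and entries are assumed to have no leading options field.

```python
import base64
import binascii
import struct

# Key type names accepted by this sketch (not an exhaustive list).
KNOWN_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}


def check_authorized_key(entry):
    """Return a list of problems for one "<type> <base64> [comment]" entry.

    Assumption: no leading options field. An empty list only means the
    structural checks passed, not that the key is usable or trusted.
    """
    if "\r" in entry or "\n" in entry.rstrip("\n"):
        return ["entry contains an embedded line break"]
    fields = entry.split(None, 2)
    if len(fields) < 2:
        return ["expected '<type> <base64> [comment]'"]
    key_type, blob_b64 = fields[0], fields[1]
    problems = []
    if key_type not in KNOWN_TYPES:
        problems.append("unknown key type")
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except (binascii.Error, ValueError):
        return problems + ["key data is not valid base64"]
    # The decoded blob begins with a length-prefixed copy of the type name.
    if len(blob) < 4:
        return problems + ["key blob is too short"]
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        problems.append("type inside key blob does not match declared type")
    return problems


def constructed_entry(declared, inner=None, comment="user@host"):
    """Build a placeholder entry (32 zero bytes as key data, not a real key)."""
    name = (inner or declared).encode()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return "%s %s %s" % (declared, base64.b64encode(blob).decode(), comment)


if __name__ == "__main__":
    # Constructed samples: the wrapped string from the report, the literal
    # "ssh-rsa stuff", a mismatched type, and a well-formed placeholder.
    for sample in ("ssh-rsa\nstuff", "ssh-rsa stuff",
                   constructed_entry("ssh-rsa", inner="ssh-ed25519"),
                   constructed_entry("ssh-ed25519")):
        print(repr(sample[:30]), "->", check_authorized_key(sample))
```

These checks are structural only; they do not show that the key material itself is a valid key.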
