[pve-devel] [PATCH] - preserve authorized_key key order - identify double keys by key and not by comment

Stefan Priebe s.priebe at profihost.ag
Thu Aug 30 10:53:03 CEST 2012


On 30.08.2012 07:05, Dietmar Maurer wrote:
>> +    my @lines = split(/\n/, $data);
>> +    foreach my $line (@lines) {
>> +        if ($line =~ m/^ssh-rsa\s+(\S+)\s+\S+$/) {
>> +            next if ($vhash->{$1});
>> +            $vhash->{$1} = 1;
>> +        }
>> +        $newdata .= $line . "\n";
>>       }
>> -
>> -    $newdata .= join("", values(%$vhash));
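Review bot: The pattern in `if ($line =~ m/^ssh-rsa\s+(\S+)\s+\S+$/)` still requires exactly one whitespace-free comment token after the key, so a line with no comment, or with a comment containing spaces, never matches and all of its duplicates are kept. Because the lines come from split(/\n/, $data) and carry no trailing newline, anchor on the key alone, for example m/^ssh-rsa\s+(\S+)(?:\s|$)/. Lines of other key types or with an options prefix also fall through to the unconditional append without any duplicate detection; if that is intended, a comment in the code should say so.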
>
> Or:
>
> diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
> index a877d41..4b8a075 100644
> --- a/data/PVE/Cluster.pm
> +++ b/data/PVE/Cluster.pm
> @@ -1018,13 +1018,11 @@ sub ssh_merge_keys {
>       while ($data && $data =~ s/^((.*?)(\n|$))//) {
>          my $line = "$2\n";
>          if ($line =~ m/^ssh-rsa\s+\S+\s+(\S+)$/) {
> -           $vhash->{$1} = $line;
> -       } else {
> -           $newdata .= $line;
> +            next if $vhash->{$1};
> +            $vhash->{$1} = 1;
>          }
> +       $newdata .= $line;
>       }
> -
> -    $newdata .= join("", values(%$vhash));
>
>       PVE::Tools::file_set_contents($sshauthkeys, $newdata, 0600);
>   }
>
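Review bot: `next if $vhash->{$1};` keys on the third field, because the unchanged context pattern m/^ssh-rsa\s+\S+\s+(\S+)$/ captures the comment and not the key. With the hash now only marking the first occurrence, a later line that has the same comment but a different key is dropped silently, whereas the removed `$vhash->{$1} = $line;` let the later line win; for a file that grants login access, that behaviour change should be called out in the commit message. Move the capture group to the key field and make the comment optional so that keys without a comment are deduplicated as well.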

But this still checks the key comment instead of the key itself. There are keys without comments and there may also be keys with the same comment.

So I would also change:

if ($line =~ m/^ssh-rsa\s+\S+\s+(\S+)$/) {

to

if ($line =~ m/^ssh-rsa\s+(\S+)\s+/) {

Stefan
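
Added example, not part of the original mail and not PVE::Cluster code: an order-preserving de-duplication of authorized_keys lines keyed on key type plus key blob, as the reply above argues for. It goes beyond the ssh-rsa case in the thread by also accepting other key types and an options prefix; `dedup_authorized_keys` is a hypothetical helper, the sample keys are constructed placeholders, and the first occurrence of a key is the one kept.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: drop repeated keys, keep the original line order.
# Identity of a line is "<key type> <base64 blob>"; the comment is ignored.
sub dedup_authorized_keys {
    my ($data) = @_;
    my %seen;
    my $newdata = '';
    foreach my $line (split(/\n/, $data)) {
        # Skip comment lines; otherwise look for key type + blob, optionally
        # preceded by an options field and optionally followed by a comment.
        # Assumption: no options string itself contains "<keytype> <blob>".
        if ($line !~ m/^\s*#/ &&
            $line =~ m/(?:^|\s)(ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-\S+)\s+([A-Za-z0-9+\/]+=*)(?:\s|$)/) {
            next if $seen{"$1 $2"}++;    # same key seen before: drop this line
        }
        $newdata .= "$line\n";           # comments, blanks, unparsed lines pass through
    }
    return $newdata;
}

# Constructed sample input (blobs are fake placeholders, not real keys).
my $sample = join("\n",
    '# cluster keys',
    'ssh-rsa AAAAB3FAKEKEY1 root@node1',
    'ssh-rsa AAAAB3FAKEKEY2 root@node1',                  # same comment, different key
    'ssh-rsa AAAAB3FAKEKEY1',                             # same key, no comment
    'from="10.0.0.1" ssh-rsa AAAAB3FAKEKEY3 backup job',  # options, comment with space
    'ssh-rsa AAAAB3FAKEKEY3 other comment',               # same key, other comment
) . "\n";

print dedup_authorized_keys($sample);
```

Both keys commented `root@node1` survive, while the two lines that repeat an earlier blob are removed regardless of their comment.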


