[pve-devel] ssh_merge_keys / authorized_keys file error
Stefan Priebe - Profihost AG
s.priebe at profihost.ag
Thu Nov 1 11:37:47 CET 2012
Hello,
the sub ssh_merge_keys in PVE::Cluster is still not 100% safe. man
authorized_keys says you're allowed to use several options in front of
the ssh-{rsa,dsa} string.
For example commands, ip limits and env variables which are set
automatically when you login via your key.
So we do not store these keys in $vhash.
So
if ($line =~ m/^ssh-rsa\s+(\S+)\s+\S+$/) {
needs to be replaces by:
if ($line =~ m/(^|\s)ssh-(rsa|dsa)\s+(\S+)\s+\S+$/) {
next if $vhash->{$3};
$vhash->{$3} = 1;
Stefan
More information about the pve-devel
mailing list