[pve-devel] ssh_merge_keys / authorized_keys file error

Dietmar Maurer dietmar at proxmox.com
Fri Nov 2 09:07:45 CET 2012


applied

> -----Original Message-----
> From: Stefan Priebe - Profihost AG [mailto:s.priebe at profihost.ag]
> Sent: Freitag, 02. November 2012 09:05
> To: Dietmar Maurer
> Cc: pve-devel at pve.proxmox.com
> Subject: Re: [pve-devel] ssh_merge_keys / authorized_keys file error
> 
> Am 02.11.2012 06:55, schrieb Dietmar Maurer:
> > Would you mind to send a complete patch?
> 
> Patch sent.
> 
> 
> >> -----Original Message-----
> >> From: pve-devel-bounces at pve.proxmox.com [mailto:pve-devel-
> >> bounces at pve.proxmox.com] On Behalf Of Stefan Priebe - Profihost AG
> >> Sent: Donnerstag, 01. November 2012 11:38
> >> To: pve-devel at pve.proxmox.com
> >> Subject: [pve-devel] ssh_merge_keys / authorized_keys file error
> >>
> >> Hello,
> >>
> >> the sub ssh_merge_keys in PVE::Cluster is still not 100% safe. man
> >> authorized_keys says you're allowed to use several options in front
> >> of the ssh-{rsa,dsa} string.
> >>
> >> For example commands, ip limits and env variables which are set
> >> automatically when you login via your key.
> >>
> >> So we do not store these keys in $vhash.
> >>
> >> So
> >>
> >> if ($line =~ m/^ssh-rsa\s+(\S+)\s+\S+$/) {
> >>
> >> needs to be replaces by:
> >>
> >> if ($line =~ m/(^|\s)ssh-(rsa|dsa)\s+(\S+)\s+\S+$/) {
> >>               next if $vhash->{$3};
> >>               $vhash->{$3} = 1;
> >>
> >> Stefan
> >> _______________________________________________
> >> pve-devel mailing list
> >> pve-devel at pve.proxmox.com
> >> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> >
> >





More information about the pve-devel mailing list