[pve-devel] [PATCH common] Add validate_ssh_public_keys

Fabian Grünbichler f.gruenbichler at proxmox.com
Fri Apr 1 15:30:23 CEST 2016


in preparation of allowing to set up SSH keys when creating
containers. This only works with OpenSSH's public key format
at the moment, one key per line.
---
The ugly <<< syntax is necessary since we don't want to
create a temp file for this, and ssh-keygen cannot read
the key data from stdin in a sane way.

 src/PVE/Tools.pm | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
index 1d1f4b8..bf49310 100644
--- a/src/PVE/Tools.pm
+++ b/src/PVE/Tools.pm
@@ -1213,4 +1213,16 @@ sub sync_mountpoint {
     return $result;
 }
 
+sub validate_ssh_public_keys {
+    my ($raw) = @_;
+    my @lines = split(/\n/, $raw);
+
+    foreach my $line (@lines) {
+	eval {
+	    run_command([["ssh-keygen", "-l", "-f", "/dev/stdin", \"<<<", "$line"]]);
+	};
+	die "SSH public key validation error\n" if $@;
+    }
+}
+
 1;
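Review bot: the `foreach my $line (@lines)` loop hands every line to ssh-keygen, including empty ones, so input with a blank line between keys (or CRLF line endings, since the split is on `\n` only) is rejected with the same generic "SSH public key validation error" as a malformed key. Consider skipping empty lines, stripping a trailing `\r`, and including the line number and the content of `$@` in the die message so the caller can tell which key failed and why. Since the key text is user-supplied and follows the raw `\"<<<"` fragment, please also confirm that run_command shell-quotes `"$line"` and that the shell it invokes supports here-strings. A short comment above the sub stating the accepted format (OpenSSH public key format, one key per line, as the commit message says) would help callers.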
-- 
2.1.4



