[pve-devel] [PATCH common] Add validate_ssh_public_keys

Wolfgang Bumiller w.bumiller at proxmox.com
Fri Apr 1 16:11:22 CEST 2016


On Fri, Apr 01, 2016 at 03:30:23PM +0200, Fabian Grünbichler wrote:
> in preparation of allowing to set up SSH keys when creating
> containers. This only works with OpenSSH's public key format
> at the moment, one key per line.
> ---
> The ugly <<< syntax is necessary since we don't want to
> create a temp file for this, and ssh-keygen cannot read
> the key data from stdin in a sane way.

What do you mean "in a sane way", though, as this _is_ passed via
stdin... (['echo', $line, \'|', ...]) wouldn't be any better, though.

(One more shell quote that hurts my eyes when I look at it. I *really*
hope perl's shell_quote knows what it's doing... Maybe we need to
introduce a convenient way to use O_TMPFILEs...)

>  src/PVE/Tools.pm | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
> index 1d1f4b8..bf49310 100644
> --- a/src/PVE/Tools.pm
> +++ b/src/PVE/Tools.pm
> @@ -1213,4 +1213,16 @@ sub sync_mountpoint {
>      return $result;
>  }
>  
> +sub validate_ssh_public_keys {
> +    my ($raw) = @_;
> +    my @lines = split(/\n/, $raw);
> +
> +    foreach my $line (@lines) {
> +	eval {
> +	    run_command([["ssh-keygen", "-l", "-f", "/dev/stdin", \"<<<", "$line"]]);
> +	};
> +	die "SSH public key validation error\n" if $@;
> +    }
> +}
> +
>  1;
> -- 
> 2.1.4
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 



More information about the pve-devel mailing list