[pve-devel] [PATCH common] Add validate_ssh_public_keys
Wolfgang Bumiller
w.bumiller at proxmox.com
Fri Apr 1 16:11:22 CEST 2016
On Fri, Apr 01, 2016 at 03:30:23PM +0200, Fabian Grünbichler wrote:
> in preparation of allowing to set up SSH keys when creating
> containers. This only works with OpenSSH's public key format
> at the moment, one key per line.
> ---
> The ugly <<< syntax is necessary since we don't want to
> create a temp file for this, and ssh-keygen cannot read
> the key data from stdin in a sane way.
What do you mean "in a sane way", though, as this _is_ passed via
stdin... (['echo', $line, \'|', ...]) wouldn't be any better, though.
(One more shell quote that hurts my eyes when I look at it. I *really*
hope perl's shell_quote knows what it's doing... Maybe we need to
introduce a convenient way to use O_TMPFILEs...)
> src/PVE/Tools.pm | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
> diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
> index 1d1f4b8..bf49310 100644
> --- a/src/PVE/Tools.pm
> +++ b/src/PVE/Tools.pm
> @@ -1213,4 +1213,16 @@ sub sync_mountpoint {
> return $result;
> }
>
> +sub validate_ssh_public_keys {
> + my ($raw) = @_;
> + my @lines = split(/\n/, $raw);
> +
> + foreach my $line (@lines) {
> + eval {
> + run_command([["ssh-keygen", "-l", "-f", "/dev/stdin", \"<<<", "$line"]]);
> + };
> + die "SSH public key validation error\n" if $@;
> + }
> +}
> +
> 1;
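Review bot: In the run_command call inside the foreach, the user-supplied key line reaches ssh-keygen through a shell here-string ("<<<", "$line"), so validating untrusted input depends on the shell quoting being correct and on the invoking shell supporting <<<. Writing the line to the child's stdin without a shell in between would remove that dependency. Separately, split(/\n/, $raw) keeps empty lines in the middle of the input, so a blank line between keys is validated as if it were a key; consider skipping lines that are empty after trimming. The die also discards $@ and does not say which line failed, so including the line number in the message would make the error actionable.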
> --
> 2.1.4
>
>