[pve-devel] [PATCH v2 common] Add validate_ssh_public_keys

Fabian Grünbichler f.gruenbichler at proxmox.com
Tue Apr 5 09:29:51 CEST 2016


validate format of SSH public keys using ssh-keygen -l and
temp files.
---
Changes to v1:
- use temp files instead of <<<
- skip whitespace lines
- silence output

 src/PVE/Tools.pm | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
index 6627210..3f20868 100644
--- a/src/PVE/Tools.pm
+++ b/src/PVE/Tools.pm
@@ -1307,4 +1307,19 @@ sub tempfile_contents {
     return ("/proc/$$/fd/".$fh->fileno, $fh);
 }
 
+sub validate_ssh_public_keys {
+    my ($raw) = @_;
+    my @lines = split(/\n/, $raw);
+
+    foreach my $line (@lines) {
+	next if $line =~ m/^\s*$/;
+	eval {
+	    my ($filename, $handle) = tempfile_contents($line);
+	    run_command(["ssh-keygen", "-l", "-f", $filename],
+			outfunc => sub {}, errfunc => sub {});
+	};
+	die "SSH public key validation error\n" if $@;
+    }
+}
+
 1;
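Review bot: In the foreach loop, `die "SSH public key validation error\n" if $@;` discards both `$@` and the position of the offending line, so a caller submitting several keys cannot tell which one was rejected or why. Because `tempfile_contents($line)` sits inside the same `eval`, a failure to create the temp file is also reported as an invalid key. Consider calling tempfile_contents outside the eval and adding a line counter to the message, for example `die "SSH public key validation error in line $i\n" if $@;` with `$i` incremented per iteration. Two smaller points: `$handle` looks unused, but it has to stay in scope so the `/proc/$$/fd/N` path returned by tempfile_contents remains valid while ssh-keygen runs, which deserves a one-line comment. The sub also has no comment stating that it returns nothing and dies on the first bad line. Only whitespace-only lines are skipped, so it is worth stating whether `#` comment lines are meant to be accepted or rejected.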
-- 
2.1.4




