[Bug 1319] ssh-keygen does not properly handle multiple keys
bugzilla-daemon at bugzilla.mindrot.org
Fri Dec 2 12:19:01 EST 2011
https://bugzilla.mindrot.org/show_bug.cgi?id=1319
--- Comment #6 from Damien Miller <djm at mindrot.org> 2011-12-02 12:19:01 EST ---
Fixing this is trickier than I thought. The cases that need to be
supported are:

1. SSH1 public key in a private blob
2. SSH1/SSH2 public key in text form
3. known_hosts
4. authorized_keys

We can deal with case #1 by using key_load_public_type() instead of
key_load_public.

It is a little more tricky to support the other cases together though.
For a start, known_hosts always has a hostname before the key string
whereas a public key in text format never does. authorized_keys has
optional key restrictions that need to be recognised and skipped.

A final (?) complication comes in the printing - when printing
fingerprints from known_hosts, one wants to print the hostname obtained
from the start of the line, but when printing everything else the key
comment (end of the line, or baked into a binary SSH1 private key)
is the most important thing.

So, do_fingerprint needs to be rewritten to look something like this:

    k = key_load_public_type(KEY_RSA1, identity_file, comment)
    if (k != NULL)
        print fingerprint+comment and exit
    for line in identity_file {
        split_key_line(line, &preamble, &key, &comment)
        if (auth_parse_options(preamble)) {
            // If it has options then it's definitely authorized keys
            authorized_keys = 1
        } else if (*preamble != '\0') {
            // If the preamble doesn't look like options, then it's probably
            // known_hosts
            known_hosts = 1
        } else {
            // If no preamble at all then it's a plain key or authorized_keys
        }
        print_fingerprint(key)
        print_comment(known_hosts ? preamble : comment)
    }
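
The line classification sketched in the comment above, written out as an added example; it is not part of the original message and not OpenSSH code. `classify_line()`, `starts_with()` and the two tables are hypothetical names, the option check is a simple prefix match standing in for `auth_parse_options()`, and only SSH2 text lines are handled (SSH1 text keys and the binary blob case are left out).

```c
#include <stdio.h>
#include <string.h>
enum kind { K_INVALID, K_PLAIN, K_AUTHORIZED_KEYS, K_KNOWN_HOSTS };
/* Constructed subsets for SSH2 sample lines; not OpenSSH's own tables. */
static const char *KEY_TYPES[] = { "ssh-rsa", "ssh-dss", NULL };
static const char *OPTIONS[] = { "command=", "from=", "no-pty", NULL };
/* 1 if s starts with an entry of tbl (as a whole token when whole != 0). */
static int starts_with(const char *s, const char **tbl, int whole)
{
    for (; *tbl != NULL; tbl++) {
        size_t n = strlen(*tbl);
        if (strncmp(s, *tbl, n) == 0 && (!whole || s[n] == ' ' || s[n] == '\t'))
            return 1;
    }
    return 0;
}

/* Hypothetical helper: classify one line and copy into label the text that
 * belongs beside the fingerprint (hostname for known_hosts, else comment). */
enum kind classify_line(const char *line, char *label, size_t len)
{
    const char *p, *key = NULL, *c;
    enum kind k;
    int quoted = 0;
    size_t n;
    line += strspn(line, " \t");
    /* Find the key type token, ignoring anything inside a quoted option. */
    for (p = line; *p != '\0' && key == NULL; p++) {
        if (*p == '"' && (p == line || p[-1] != '\\'))
            quoted = !quoted;
        else if (!quoted && (p == line || p[-1] == ' ' || p[-1] == '\t') &&
            starts_with(p, KEY_TYPES, 1))
            key = p;
    }
    if (key == NULL)
        return K_INVALID;
    c = key + strcspn(key, " \t");      /* skip the key type ... */
    c += strspn(c, " \t");
    c += strcspn(c, " \t\r\n");         /* ... and the base64 blob */
    c += strspn(c, " \t");
    n = strcspn(c, "\r\n");             /* the rest is the key comment */
    k = key == line ? K_PLAIN :         /* no preamble at all */
        starts_with(line, OPTIONS, 0) ? K_AUTHORIZED_KEYS : K_KNOWN_HOSTS;
    if (k == K_KNOWN_HOSTS) {           /* print the hostname instead */
        c = line;
        n = strcspn(line, " \t");
    }
    snprintf(label, len, "%.*s", (int)n, c);
    return k;
}
```

A quoted option value such as `command="echo ssh-rsa x"` contains a key type name followed by a space, which is why the scan tracks quotes before accepting a token as the start of the key.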