Question about ssh-keygen -Y find-principals
Damien Miller
djm at mindrot.org
Fri Mar 8 05:38:09 AEDT 2024
On Thu, 7 Mar 2024, Wiktor Kwapisiewicz wrote:
> Hello,
>
> I've noticed that `ssh-keygen -Y find-principals` warns about empty
> lines in the allowed signers file, even though the documentation says
> they should be treated as comments:
>
> $ ssh-keygen -Y find-principals -f allowed_signers.md -I
> wiktor at metacode.biz -n file -s rsa-key.txt.sig < rsa-key.txt
> allowed_signers.md:3: missing key <---- here
> wiktor at metacode.biz
I think this is what is happening:
> allowed_signers.md:3: missing key^M
You have line feed characters in your allowed_signers file, possibly from
editing it on a Windows system. We don't currently ignore this character
at the ends of lines.
You could try removing them or try this patch:
diff --git a/sshsig.c b/sshsig.c
index d50d65fe2..145bca862 100644
--- a/sshsig.c
+++ b/sshsig.c
@@ -747,7 +747,7 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line,
cp = line;
cp = cp + strspn(cp, " \t"); /* skip leading whitespace */
- if (*cp == '#' || *cp == '\0')
+ if (*cp == '#' || *cp == '\0' || strcmp(cp, "\r") == 0)
return SSH_ERR_KEY_NOT_FOUND; /* blank or all-comment line */
/* format: identity[,identity...] [option[,option...]] key */
More information about the openssh-unix-dev
mailing list