
Mailing List Archive: OpenSSH: Bugs

[Bug 1319] ssh-keygen does not properly handle multiple keys

 

 



bugzilla-daemon at bugzilla

Dec 1, 2011, 5:19 PM

Post #1 of 2 (123 views)
[Bug 1319] ssh-keygen does not properly handle multiple keys

https://bugzilla.mindrot.org/show_bug.cgi?id=1319

--- Comment #6 from Damien Miller <djm [at] mindrot> 2011-12-02 12:19:01 EST ---
Fixing this is trickier than I thought. The cases that need to be
supported are:

1. SSH1 public key in a private blob
2. SSH1/SSH2 public key in text form
3. known_hosts
4. authorized_keys

We can deal with case #1 by using key_load_public_type() instead of
key_load_public.

It is a little more tricky to support the other cases together though.
For a start, known_hosts always has a hostname before the key string
whereas a public key in text format never does. authorized_keys has
optional key restrictions that need to be recognised and skipped.

A final (?) complication comes in the printing - when printing
fingerprints from known_hosts, one wants to print the hostname obtained
from the start of the line, but when printing everything else the key
comment (end of the line, or baked into a binary SSH1 private key)
is the most important thing.

So, do_fingerprint needs to be rewritten to look something like this:

    k = key_load_public_type(KEY_RSA1, identity_file, comment)
    if (k != NULL)
        print fingerprint+comment and exit
    for line in identity_file {
        split_key_line(line, &preamble, &key, &comment)
        if (auth_parse_options(preamble)) {
            // If it has options then it's definitely authorized keys
            authorized_keys = 1
        } else if (*preamble != '\0') {
            // If the preamble doesn't look like options, then it's probably
            // known_hosts
            known_hosts = 1
        } else {
            // If no preamble at all then it's a plain key or authorized_keys
        }
        print_fingerprint(key)
        print_comment(known_hosts ? preamble : comment)
    }

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
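
Added example (not part of the original post and not OpenSSH code): a Python version of the per-line classification that Comment #6 outlines for cases 2 to 4, choosing the hostname as the label for known_hosts lines and the key comment otherwise. The names parse_key_line, looks_like_options and OPTION_NAMES are hypothetical, the option list is a subset standing in for auth_parse_options(), the fingerprint uses the SHA256 format printed by current ssh-keygen, and the sample key is constructed; the binary SSH1 case (#1) is not covered.

```python
import base64, hashlib, re

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256"}
# Assumption: a subset of authorized_keys option names, standing in for
# the auth_parse_options() check in the pseudocode above.
OPTION_NAMES = {"command", "environment", "from", "no-agent-forwarding",
                "no-port-forwarding", "no-pty", "no-user-rc",
                "no-x11-forwarding", "permitopen", "tunnel"}
QUOTED = r'"(?:\\.|[^"\\])*"'  # one double-quoted option value, may hold spaces

def decode_blob(key_type, b64):
    """Return the key blob if b64 is valid and embeds key_type, else None."""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        return None
    n = int.from_bytes(blob[:4], "big")  # length prefix of the type string
    return blob if blob[4:4 + n] == key_type.encode() else None

def looks_like_options(preamble):
    """True if every comma-separated item is a known option name."""
    items = re.findall(rf'(?:{QUOTED}|[^,])+', preamble)
    return bool(items) and all(i.split("=", 1)[0].lower() in OPTION_NAMES for i in items)

def parse_key_line(line):
    """Return (kind, label, fingerprint), or None for blanks, comments, non-keys."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = re.findall(rf'(?:{QUOTED}|\S)+', line)  # quotes keep spaces together
    for i in range(len(fields) - 1):
        blob = decode_blob(fields[i], fields[i + 1]) if fields[i] in KEY_TYPES else None
        if blob is None:
            continue
        preamble, comment = " ".join(fields[:i]), " ".join(fields[i + 2:])
        if not preamble:
            kind = "plain_or_authorized_keys"
        elif looks_like_options(preamble):
            kind = "authorized_keys"
        else:
            kind = "known_hosts"
        digest = hashlib.sha256(blob).digest()
        fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
        return kind, (preamble if kind == "known_hosts" else comment), fp
    return None

# Constructed sample: an ed25519-shaped blob with dummy key bytes, not a real key.
BLOB = ((11).to_bytes(4, "big") + b"ssh-ed25519" +
        (32).to_bytes(4, "big") + bytes(range(32)))
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(BLOB).decode()
```

Requiring the base64 blob to embed the same type name as the preceding field is what keeps a hostname or option string from being mistaken for the start of the key.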


bugzilla-daemon at bugzilla

Dec 1, 2011, 5:59 PM

Post #2 of 2 (120 views)
[Bug 1319] ssh-keygen does not properly handle multiple keys [In reply to]

https://bugzilla.mindrot.org/show_bug.cgi?id=1319

Damien Miller <djm [at] mindrot> changed:

What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1544

