|
|
Mads Kiilerich
|
5e46f73f0d1c
|
5 years ago
|
|
|
|
|
Mads Kiilerich
|
be839636b6e4
|
5 years ago
|
|
ssh: import binascii directly, instead of using it through base64 module
It is unfortunate that the base64 module is leaking its binascii internals in exception types. We started using binascii through the base64 import in 08af13a090e0, but the import is not public, and pytype thus complains.
|
|
|
Mads Kiilerich
|
12824a48192d
|
5 years ago
|
|
ssh: verify SSH keys haven't been truncated
Ed Wong reported problems with an SSH key that accidentally was copy-pasted with extra newlines. This truncation wasn't detected, so the truncated key was added to authorized_keys where it obviously didn't work for sshd.
The base64 decoding would sometimes catch truncated keys - but not always. We seem to have to look inside the key, parse it according to the RFCs, and verify they contain the right amount of data for the key type.
It is an additional burden to have to parse SSH key internals just to validate them. We could consider using some external method for validation. But the explicit validation introduced here might be more spot-on for our needs.
|
|
|
Mads Kiilerich
|
c3ae916ef55f
|
5 years ago
|
|
|
|
|
Mads Kiilerich
|
0e33f4ec0617
|
5 years ago
|
|
ssh: update test coverage
Fix invalid test data that will be detected later, and add additional coverage.
|
|
|
Mads Kiilerich
|
1f61f4772a76
|
5 years ago
|
|
ssh: tweak ssh parsing error messages to give better hint towards the root cause - especially truncation
Also use "invalid" instead of "incorrect", and enumerate the valid key types.
|
|
|
Mads Kiilerich
|
141066b8a89a
|
6 years ago
|
|
|
|
|
Mads Kiilerich
|
08af13a090e0
|
6 years ago
|
|
py3: update ssh for base64.b64decode raising binascii.Error instead of TypeError
A command like:
    python -c 'import base64; base64.b64decode("QQ")'
would fail in Python2 with:
    TypeError: Incorrect padding
but in python3:
    binascii.Error: Incorrect padding
|
|
|
Mads Kiilerich
|
8f468d08f463
|
6 years ago
|
|
|
|
|
Mads Kiilerich
|
155c52d8f210
|
6 years ago
|
|
|
|
|
Mads Kiilerich
|
c8af6594ded9
|
6 years ago
|
|
|
|
|
Mads Kiilerich
|
e7dbe089e10d
|
6 years ago
|
|
|
|
|
Mads Kiilerich
|
45bfab30d433
|
6 years ago
|
|
py3: add b'' annotations in some places where they will be needed later
Mostly entirely trivial adding of b prefix that is ignored for py2 ... and also a bit of related trivial reformatting/refactorings.
|
|
|
Mads Kiilerich
|
8fb1b9e7106a
|
6 years ago
|
|
|
|
|
Mads Kiilerich
|
82b1eaec25f5
|
6 years ago
|
|
|
|
|
Adi Kriegisch
|
e7be0cbb7850
|
6 years ago
|
|
ssh: fix parsing of ed25519 keys
When attempting to use ed25519 SSH keys, parse_pub_key() failed with: SshKeyParseError: Incorrect SSH key - base64 part is not 'ssh-ed25519' as claimed but 'ssh-ed25519'
The problem was the hardcoding of the string length of the key type -- 7 or '\x07' -- which fits ssh-rsa and ssh-dss but not ssh-ed25519.
(Fix was simplified by Mads Kiilerich.)
|
|
|
Thomas De Schampheleire
|
690e7a035521
|
6 years ago
|
|
ssh: add doctest showing incorrect handling of ed25519 keys
This doctest just demonstrates that ed25519 keys are not treated correctly by parse_pub_key(). A subsequent commit will actually fix it.
|
|
|
Mads Kiilerich
|
0a277465fddf
|
6 years ago
|
|
|
|
|
Christian Oyarzun
|
b27e515df83c
|
11 years ago
|
|
ssh: introduce 'kallithea-cli ssh-update-authorized-keys' command for updating authorized_keys file
Based on work by Ilya Beda <ir4y.ix@gmail.com> on https://bitbucket.org/ir4y/rhodecode/commits/branch/ssh_server_support , incorporating gearbox support by Anton Schur <tonich.sh@gmail.com> and also heavily modified by Mads Kiilerich.
This commit also incorporates a fix for Windows by Dominik Ruf, and better handling of the case where the parent dir of 'authorized_keys' does not exist or is not writable, by Bradley M. Kuhn <bkuhn@ebb.org>.
|
|
|
Christian Oyarzun
|
3b147c38b674
|
11 years ago
|
|
|
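The checks described in the 12824a48192d and e7be0cbb7850 commit messages above (parse the key blob per the RFCs, read the type string's length from its own prefix, verify the amount of data for the key type), sketched as an added example that is not Kallithea's own code. `PubKeyError`, `read_strings`, `check_pub_key` and `make_line` are hypothetical names, and the sample keys are constructed, non-functional data.

```python
import base64
import struct

# Fields that follow the type string in the blob: RSA e,n; DSS p,q,g,y; Ed25519 key.
FIELDS = {'ssh-rsa': 2, 'ssh-dss': 4, 'ssh-ed25519': 1}


class PubKeyError(ValueError):
    pass


def read_strings(blob):
    """Split blob into uint32-length-prefixed strings; fail if data runs short."""
    fields, pos = [], 0
    while pos < len(blob):
        if len(blob) - pos < 4:
            raise PubKeyError('truncated length prefix')
        (n,) = struct.unpack_from('>I', blob, pos)
        pos += 4
        if len(blob) - pos < n:
            raise PubKeyError('field needs %d bytes, %d left: truncated?' % (n, len(blob) - pos))
        fields.append(blob[pos:pos + n])
        pos += n
    return fields


def check_pub_key(line):
    """Validate '<type> <base64> [comment]'; return (type, key fields)."""
    parts = line.split(None, 2)
    if len(parts) < 2 or parts[0] not in FIELDS:
        raise PubKeyError('expected one of %s followed by base64 data' % sorted(FIELDS))
    keytype = parts[0]
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError as e:  # binascii.Error is a ValueError subclass
        raise PubKeyError('invalid base64: %s' % e)
    fields = read_strings(blob)
    # The type's length comes from its own prefix (7 for ssh-rsa, 11 for ssh-ed25519).
    if not fields or fields[0] != keytype.encode():
        raise PubKeyError('base64 part is not %r as claimed' % keytype)
    if len(fields) - 1 != FIELDS[keytype]:
        raise PubKeyError('wrong number of fields for %s' % keytype)
    if keytype == 'ssh-ed25519' and len(fields[1]) != 32:
        raise PubKeyError('ed25519 key must be 32 bytes')
    return keytype, fields[1:]


def make_line(keytype, *fields):
    """Build a constructed, non-functional sample key line for the demo."""
    parts = (keytype.encode(),) + fields
    blob = b''.join(struct.pack('>I', len(p)) + p for p in parts)
    return '%s %s demo@example' % (keytype, base64.b64encode(blob).decode())
```

Cutting the base64 text of a sample line at a multiple of four characters still decodes cleanly, so only the length check inside the blob rejects it.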