From ae89d9b070fd49eed1ac9e63f831e740a026c1d0 Mon Sep 17 00:00:00 2001
From: Christian Heusel
Date: Sun, 6 Mar 2022 21:55:03 +0100
Subject: [PATCH] Add a warning for ssh-rsa keys in authorized keys

https://github.com/gokrazy/breakglass/issues/11
---
 breakglass.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/breakglass.go b/breakglass.go
index 300be3c..e6d6fc1 100644
--- breakglass.go
+++ b/breakglass.go
@@ -50,11 +50,19 @@ func loadAuthorizedKeys(path string) (map[string]bool, error) {
 result := make(map[string]bool)
 s := bufio.NewScanner(bytes.NewReader(b))
- for s.Scan() {
+ for lineNum := 1; s.Scan(); lineNum++ {
 if tr := strings.TrimSpace(s.Text()); tr == "" || strings.HasPrefix(tr, "#") {
 continue
 }
- pubKey, _, _, _, err := ssh.ParseAuthorizedKey(s.Bytes())
+ pubKey, comment, _, _, err := ssh.ParseAuthorizedKey(s.Bytes())
+
+ // This warning can be removed once the mentioned issue is resolved
+ if keyType := pubKey.Type(); keyType == "ssh-rsa" {
+ log.Print("Warning: You added a ssh-rsa key to your authorized keys, these do currently not work.")
+ log.Print("Further information: https://github.com/gokrazy/breakglass/issues/11")
+ log.Printf("Affected key: %s [...] %s (line %d)", keyType, comment, lineNum)
+ }
+
 if err != nil {
 return nil, err
 }
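Review bot: The new `pubKey.Type()` call runs before the `err != nil` check, so a line that `ssh.ParseAuthorizedKey` rejects reaches it with a nil `pubKey` and panics instead of returning the parse error. For an emergency-access SSH daemon this turns one malformed or truncated line in the authorized keys file into a crash rather than a reported error, presumably at startup (the caller is outside the hunk). Move the existing `if err != nil { return nil, err }` directly below the `ssh.ParseAuthorizedKey` call, ahead of the warning block, so the type check only sees a successfully parsed key. The loop body and the rest of loadAuthorizedKeys continue outside the hunk.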