lordwelch/breakglass
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add a warning for ssh-rsa keys in authorized keys

Browse Source 
https://github.com/gokrazy/breakglass/issues/11
This commit is contained in:
Christian Heusel 2022-03-06 21:55:03 +01:00 committed by Michael Stapelberg
parent 0fd4350464
commit ae89d9b070
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
breakglass.go
View File

@ -50,11 +50,19 @@ func loadAuthorizedKeys(path string) (map[string]bool, error) {
result := make(map[string]bool) result := make(map[string]bool)
s := bufio.NewScanner(bytes.NewReader(b)) s := bufio.NewScanner(bytes.NewReader(b))
for s.Scan() { for lineNum := 1; s.Scan(); lineNum++ {
if tr := strings.TrimSpace(s.Text()); tr == "" || strings.HasPrefix(tr, "#") { if tr := strings.TrimSpace(s.Text()); tr == "" || strings.HasPrefix(tr, "#") {
continue continue
} }
pubKey, _, _, _, err := ssh.ParseAuthorizedKey(s.Bytes()) pubKey, comment, _, _, err := ssh.ParseAuthorizedKey(s.Bytes())
// This warning can be removed once the mentioned issue is resolved
if keyType := pubKey.Type(); keyType == "ssh-rsa" {
log.Print("Warning: You added a ssh-rsa key to your authorized keys, these do currently not work.")
log.Print("Further information: https://github.com/gokrazy/breakglass/issues/11")
log.Printf("Affected key: %s [...] %s (line %d)", keyType, comment, lineNum)
}
if err != nil { if err != nil {
return nil, err return nil, err
} }