The build could run a quick check to see if ssh-keygen can read the file? `ssh-keygen -l -f filename` will return an error if it can't read a key in the file (it only checks the first key)
On Tue, May 12, 2015 at 10:33 AM Christian Theune <c...@flyingcircus.io> wrote: > Hi, > > correct me if I’m wrong but SSH keys do not have a strong syntax, and > aside from “there’s less than <ssh-rsa…><space><somethingnonspace> there > isn’t much you can check for. > > Specifically as the comment field can contain pretty much anything and you > can’t check the key data for validity on a semantic basis AFAIK. > > Christian > > On 12 May 2015, at 10:27, Tomasz Kontusz <tomasz.kont...@gmail.com> wrote: > > Oops, replied to the wrong address. > > ------------------------------ > *Od:* Tomasz Kontusz <tomasz.kont...@gmail.com> > *Wysłane:* Tue May 12 10:25:21 CEST 2015 > *Do:* Anand Patil <anand.prabhakar.pa...@gmail.com> > *Temat:* Re: [Nix-dev] Possible bug in ssh key module > > It would still be nice if the middle yelled at you instead of using > obviously wrong inputs. > > Actually, is there any practice already in place for this kind of checks? > Like how picky should they be, and should they be overridable > > Anand Patil <anand.prabhakar.pa...@gmail.com> napisał: >> >> Hi Bas, yep, it was just that. Sorry for the false alarm. >> >> Thanks, >> Anand >> >> On Mon, May 11, 2015 at 12:52 AM, Bas van Dijk <v.dijk....@gmail.com> wrote: >> >>> On 11 May 2015 at 04:45, Anand Patil <anand.prabhakar.pa...@gmail.com> >>> wrote: >>> >>>> Hi everyone, >>>> >>>> >>>> Just wanted to point out a small possible bug in NixOS version >>>> 15.05pre61966.75ebc3c (Dingo). I noticed that when I add an >>>> authorizedKeys option to my user like so: >>>> >>>> openssh.authorizedKeys.keys = [ "ssh-rsa stuff" ]; >>>> >>>> the contents of /etc/ssh/authorized_keys.d/anand look like >>>> >>>> ssh-rsa >>>> stuff >>>> >>>> with a newline after the "ssh-rsa", >>> >>> >>> Hi Anand, >>> >>> The >>> implementation looks correct. It only adds newlines between the keys: >>> >>> https://github.com/NixOS/nixpkgs/blob/75ebc3cf1dc1365be5a05018fc8e5409c66025cb/nixos/modules/services/networking/ssh/sshd.nix#L55 >>> >>> Are you sure your string doesn't contain a newline? Maybe your text >>> editor added a newline when it wrapped the string. >>> >>> Bas >>> >> ------------------------------ >> >> nix-dev mailing list >> nix-dev@lists.science.uu.nl >> http://lists.science.uu.nl/mailman/listinfo/nix-dev >> >> > -- > Wysłane za pomocą K-9 Mail. > -- > Wysłane za pomocą K-9 Mail. > _______________________________________________ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev > > > — > Christian Theune · c...@flyingcircus.io · +49 345 219401 0 > Flying Circus Internet Operations GmbH · http://flyingcircus.io > Forsterstraße 29 · 06112 Halle (Saale) · Deutschland > HR Stendal HRB 21169 · Geschäftsführer: Christian. Theune, Christian. > Zagrodnick > > _______________________________________________ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev >
_______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
