Juan Hernandez has posted comments on this change.

Change subject: BZ#856167 - Validate downloaded SSH public key
......................................................................


Patch Set 1: (1 inline comment)

....................................................
File vdsm_reg/deployUtil.py.in
Line 103:   ([A-Za-z0-9+/]+={0,2})
Line 104:   (\s+[^\s]+)?
Line 105:   \s*
Line 106:   $
Line 107: """)
I don't know of any documentation with a regular expression for SSH public 
keys. The SSH RFC is not the place as the format of public key files is 
implementation specific. For a definitive answer one would need to inspect the 
OpenSSH source code or the "AUTHORIZED_KEYS FILE FORMAT" section of the 
"opensshd" man page.

Take into account that the public keys that this has to verify come from the 
engine, from the https://engine.example.com/engine.ssh.key.txt URL. I can tell 
you for sure that that URL generates public keys that match this regular 
expression, as I wrote the Java code that generates them.

Also take into account that the intent here is not to make sure that the SSH 
public key is 100% correct (that would be harder), only to differentiate it 
from garbage. I think that this check is good enough for that purpose.
Line 108: 
Line 109: #
Line 110: # Script interface to use, required for
Line 111: # multi-engine version support.


--
To view, visit http://gerrit.ovirt.org/8018
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ic6873690534f431867859e91b5fb6b1f693155aa
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Juan Hernandez <[email protected]>
Gerrit-Reviewer: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Douglas Schilling Landgraf <[email protected]>
Gerrit-Reviewer: Juan Hernandez <[email protected]>
Gerrit-Reviewer: Michael Burns <[email protected]>
Gerrit-Reviewer: Ryan Harper <[email protected]>
_______________________________________________
vdsm-patches mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
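
A structural check that goes one step beyond pattern matching on a downloaded public key line, as an added example that is not part of the patch or of vdsm: it decodes the base64 field and confirms the algorithm name stored inside the blob matches the type field. The function names and the sample lines are constructed for illustration, and the field walk assumes plain (non-certificate) key types.

```python
import base64
import binascii
import struct

def _read_string(blob, offset):
    """Read one SSH wire 'string': uint32 big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field runs past end of blob")
    return blob[offset + 4:end], end

def check_public_key_line(line):
    """Return (True, key_type) or (False, reason) for '<type> <base64> [comment]'."""
    fields = line.split()
    if len(fields) < 2:
        return False, "expected '<type> <base64> [comment]'"
    key_type, encoded = fields[0], fields[1]
    try:
        blob = base64.b64decode(encoded, validate=True)
    except (binascii.Error, ValueError):
        return False, "second field is not valid base64"
    try:
        # The blob starts with the algorithm name as a length-prefixed string.
        name, offset = _read_string(blob, 0)
        # Assumption: plain ssh-rsa, ssh-dss, ecdsa-sha2-* and ssh-ed25519 blobs,
        # whose remaining fields are all length-prefixed too.
        material = 0
        while offset < len(blob):
            _, offset = _read_string(blob, offset)
            material += 1
    except ValueError as exc:
        return False, str(exc)
    if name != key_type.encode("ascii", "replace"):
        return False, "type field does not match the name inside the blob"
    if material == 0:
        return False, "blob carries no key material"
    return True, key_type

def _wire(data):
    return struct.pack(">I", len(data)) + data

# Constructed sample, not a real key: "ssh-rsa", exponent 65537, dummy modulus.
SAMPLE_BLOB = _wire(b"ssh-rsa") + _wire(b"\x01\x00\x01") + _wire(b"\x00" + b"\xab" * 256)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode("ascii") + " constructed@example"
# Constructed garbage that is valid base64, e.g. an HTML error page body.
GARBAGE_LINE = "ssh-rsa " + base64.b64encode(b"<html>not a key</html>").decode("ascii")
```

The garbage line is well-formed base64 behind a plausible type name, so it is rejected only once the blob is decoded and its first length field is read.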
