Closed hovisjovis closed 7 years ago
How long are your comment lines? And which version of the module are you using? Many key-handling improvements were done as part of addressing Issue #2.
Hi.
We're using the latest version from the repository.
We're attempting to use the public key below. The key authenticates without the comment tag but doesn't with it.
Cheers,
Matt
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2048-bit RSA, converted from OpenSSH by msmithson@imsdsv01"
AAAAB3NzaC1yc2EAAAABIwAAAQEAvLZgzZTPa+BG0eKc9J7siNWELYYi/vyBGRNPVoJ2Id
ilOWhiOg1eByHVpBXAP0Fc+jreZ8gQTAX3eBzHKgr+bdqJi/4IIabMPeIbGOfnghAp3TIO
DeNgq3/H5O6j2cwP/xeuS1e1oArTB3hdg3NE4/OV4aCOGoEg5jH6AI6QDJHYQ2+t6DBKau
xrdUUWzDzrAaYOzvQf7HwOwvlbOC0nRpWA6W2JY3y/gTPTJG+HW3cH+Oey3Pb++Wkya5xk
xkPgDHHEbzUUIGChZ7gqIRQrt1AVIsDMfttMEFTblIZPhPSpS679S++tca9olHP7fxbsZt
w42ijCjrf2R3WUckPQHQ==
---- END SSH2 PUBLIC KEY ----
Ah, I see the issue:
https://github.com/Castaglia/proftpd-mod_sftp_ldap/blob/master/keys.c#L396
I'll see if I can handle Comment lines better.
Hi,
We're seeing the same behavior if an x-tag is present. e.g. adding: "x-tag: privateTag" in the header section also breaks authentication. Don't know if it's related or something you are looking to implement.
Cheers,
Matt.
This PR should help with the Comment headers; I'm not sure it will handle the x-tag case just yet, though.
For the x-tag case, I think that I will need to update my PR such that it can identify the start of the base64-encoded SSH key data, specifically for the case where the entire SSH key is stored as a single line of text in the attribute for the LDAP object.
For RSA/DSA keys, the text prefix to look for is "AAAAB3Nza..."; for ECDSA keys, the text prefix to look for is "AAAAE2VjZ...".
I've added tests verifying that the PR handles an x-tag header as well. Merged to master.
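As an added example of the prefix search described in the comments above (this is not code from the module or its PR): locating the base64 data in an RFC 4716 key stored as a single line, while ignoring a prefix that appears inside a quoted Comment value. The function names `find_key_data` and `extract_key_data` and the sample value are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Base64 prefixes quoted in the thread: RSA/DSA keys, then ECDSA keys. */
static const char *const key_prefixes[] = { "AAAAB3Nza", "AAAAE2VjZ" };

/* Hypothetical helper: return the first whitespace-delimited token, outside
 * any double-quoted header value, that starts with a known prefix, or NULL. */
const char *find_key_data(const char *text) {
  int in_quotes = 0, at_token_start = 1;
  for (const char *p = text; *p != '\0'; p++) {
    if (*p == '"') {
      in_quotes = !in_quotes;
    } else if (!in_quotes && at_token_start) {
      for (size_t i = 0; i < sizeof(key_prefixes) / sizeof(key_prefixes[0]); i++) {
        if (strncmp(p, key_prefixes[i], strlen(key_prefixes[i])) == 0) return p;
      }
    }
    at_token_start = isspace((unsigned char) *p) != 0;
  }
  return NULL;
}

/* Hypothetical helper: copy the base64 data into out, dropping the spaces that
 * joined the wrapped lines. Requires the END marker; returns length or -1. */
int extract_key_data(const char *text, char *out, size_t outsz) {
  const char *p = find_key_data(text);
  size_t n = 0;
  if (p == NULL) return -1;
  for (; *p != '\0' && *p != '-'; p++) {
    if (isspace((unsigned char) *p)) continue;
    if (!isalnum((unsigned char) *p) && strchr("+/=", *p) == NULL) return -1;
    if (n + 1 >= outsz) return -1;   /* keep room for the terminator */
    out[n++] = *p;
  }
  if (*p != '-') return -1;          /* no "---- END" marker seen */
  out[n] = '\0';
  return (int) n;
}

int main(void) {
  /* Constructed sample, not a real key: the quoted comment holds a decoy. */
  const char *ldap_value = "---- BEGIN SSH2 PUBLIC KEY ---- "
    "Comment: \"decoy AAAAB3NzaFAKE\" x-tag: privateTag "
    "AAAAB3NzaC1yc2EAAAAB IwAAAQEA ---- END SSH2 PUBLIC KEY ----";
  char buf[64];
  if (extract_key_data(ldap_value, buf, sizeof(buf)) > 0) puts(buf);
}
```

In the single-line form the line structure is gone, so an unquoted header value that begins with one of the prefixes would still be taken as the key data.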
Hi,
We're seeing issues when adding a public key to LDAP with a comment in it, like the examples shown here: https://tools.ietf.org/html/rfc4716#section-3.6. When we take the comment out, it accepts the key.
Are comments in the public key in LDAP supported by this module?
Thanks,
Joe