summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Lettington <paul@plett.co.uk>2021-09-03 23:39:22 +0100
committerPaul Lettington <paul@plett.co.uk>2021-09-03 23:39:22 +0100
commit6b52387190f8213e7e02060e894c6ddd4fb7cb3d (patch)
tree54f3ae8662567277af4b443176e89cd307a1ecad
parent5f1c1ae4770fe36b5290f34d2f3a248c6b1a0ddb (diff)
downloadvyos-1x-6b52387190f8213e7e02060e894c6ddd4fb7cb3d.tar.gz
vyos-1x-6b52387190f8213e7e02060e894c6ddd4fb7cb3d.zip
login: T971 allow quoting in public-keys options
This patch allows the use of `&quot;` in ssh public-key options which unlocks the ability to set the `from` option in a way that sshd will accept to limit what hosts a user can connect from.
-rwxr-xr-xsrc/conf_mode/system-login.py4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
index 318ff276d..4dd7f936d 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system-login.py
@@ -240,7 +240,9 @@ def apply(login):
# XXX: Should we deny using root at all?
home_dir = getpwnam(user).pw_dir
render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.tmpl',
- user_config, permission=0o600, user=user, group='users')
+ user_config, permission=0o600,
+ formater=lambda _: _.replace("&quot;", '"'),
+ user=user, group='users')
except Exception as e:
raise ConfigError(f'Adding user "{user}" raised exception: "{e}"')