diff options
author | zsdc <taras@vyos.io> | 2023-05-22 18:05:07 +0300 |
---|---|---|
committer | zsdc <taras@vyos.io> | 2023-05-22 18:05:07 +0300 |
commit | 5d3e4e79746772d80a6289f352e3606382f73eaa (patch) | |
tree | 22fd1f3c6a208e0ba7f67a5f14946f774190168b /cloudinit | |
parent | 78417ee1f023fbfb5f25580e13d9968eb19707f6 (diff) | |
download | vyos-cloud-init-5d3e4e79746772d80a6289f352e3606382f73eaa.tar.gz vyos-cloud-init-5d3e4e79746772d80a6289f352e3606382f73eaa.zip |
SSH: T5235: Made SSH comment parser stricter
To avoid problems with SSH public key comments with special characters the
parser now generates UUID names for keys if a comment contains anything
except `[a-zA-Z0-9_]`.
Diffstat (limited to 'cloudinit')
-rw-r--r-- | cloudinit/config/cc_vyos.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/cloudinit/config/cc_vyos.py b/cloudinit/config/cc_vyos.py index a54c9980..49d8952c 100644 --- a/cloudinit/config/cc_vyos.py +++ b/cloudinit/config/cc_vyos.py @@ -84,7 +84,8 @@ def set_ssh_login(config, user, key_string): logger.error("Key base64 not defined, wrong ssh key format.") return False - if not key_parsed.comment: + if not key_parsed.comment or not re.fullmatch(r'^[\w]+$', key_parsed.comment, re.ASCII): + logger.info("Generating UUID for an SSH key because a comment is empty or unacceptable by CLI") key_parsed.comment = "cloud-init-{}".format(uuid4()) config.set(['system', 'login', 'user', user, 'authentication', 'public-keys', key_parsed.comment, 'key'], value=key_parsed.base64, replace=True) |