From 89fc8ea847302b45884aa3ac7dbc6e2e261c7462 Mon Sep 17 00:00:00 2001
From: Tatiana Kholkina <holkina@selectel.ru>
Date: Thu, 1 Feb 2018 18:08:15 +0300
Subject: Fix ssh keys validation in ssh_util

This fixes a bug where invalid keys would sneak into authorized_keys.
---
 cloudinit/ssh_util.py | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

(limited to 'cloudinit/ssh_util.py')

diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py
index b95b956f..882517f5 100644
--- a/cloudinit/ssh_util.py
+++ b/cloudinit/ssh_util.py
@@ -171,16 +171,13 @@ def parse_authorized_keys(fname):
 
 
 def update_authorized_keys(old_entries, keys):
-    to_add = list(keys)
-
+    to_add = list([k for k in keys if k.valid()])
     for i in range(0, len(old_entries)):
         ent = old_entries[i]
         if not ent.valid():
             continue
         # Replace those with the same base64
         for k in keys:
-            if not ent.valid():
-                continue
             if k.base64 == ent.base64:
                 # Replace it with our better one
                 ent = k
-- 
cgit v1.2.3