[PATCH aurweb] Allow FIDO/U2F SSH security keys
These were added in OpenSSH version 8.2[1].
Fixes #36
[1]: https://www.openssh.com/txt/release-8.2
---
Just a heads up that I haven't tested this and am not sure if the keys are used anywhere else that may be affected (though a grep makes me think they aren't).
web/lib/acctfuncs.inc.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index df016c6d..efc08331 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -877,7 +877,8 @@ function valid_pgp_fingerprint($fingerprint) { function valid_ssh_pubkey($pubkey) { $valid_prefixes = array( "ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256", - "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "ssh-ed25519" + "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "ssh-ed25519", + "sk-ssh-ecdsa@openssh.com", "sk-ssh-ed25519@openssh.com" ); $has_valid_prefix = false; -- 2.32.0
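Review bot: the first added entry in $valid_prefixes, "sk-ssh-ecdsa@openssh.com", is not the type string OpenSSH writes at the start of an ecdsa-sk public key; that string is "sk-ecdsa-sha2-nistp256@openssh.com". With the list as posted, the prefix check would match Ed25519 security keys ("sk-ssh-ed25519@openssh.com" is correct) but ECDSA security keys would still fail it. Suggest replacing the first new entry with "sk-ecdsa-sha2-nistp256@openssh.com", and since the message says the change is untested, running one public key produced by ssh-keygen -t ecdsa-sk and one by ssh-keygen -t ed25519-sk through valid_ssh_pubkey() before merging.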
On 6/10/21 1:39 PM, Steven Guikal via aur-dev wrote:
These were added in OpenSSH version 8.2[1].
Fixes #36
[1]: https://www.openssh.com/txt/release-8.2 ---
Just a heads up that I haven't tested this and am not sure if the keys are used anywhere else that may be affected (though a grep makes me think they aren't).
web/lib/acctfuncs.inc.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index df016c6d..efc08331 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -877,7 +877,8 @@ function valid_pgp_fingerprint($fingerprint) { function valid_ssh_pubkey($pubkey) { $valid_prefixes = array( "ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256", - "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "ssh-ed25519" + "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "ssh-ed25519", + "sk-ssh-ecdsa@openssh.com", "sk-ssh-ed25519@openssh.com" );
$has_valid_prefix = false;
Thanks! But in aurweb/git/auth.py we check $AUR_CONFIG (defaults in conf/config.defaults) for valid-keytypes in the AuthorizedKeysCommand. I'm not 100% sure why we bother, but we do.
--
Eli Schwartz
Bug Wrangler and Trusted User