[PATCH aurweb] Allow FIDO/U2F SSH security keys

Eli Schwartz eschwartz at archlinux.org
Thu Jun 10 18:15:19 UTC 2021


On 6/10/21 1:39 PM, Steven Guikal via aur-dev wrote:
> These were added in OpenSSH version 8.2[1].
> 
> Fixes #36
> 
> [1]: https://www.openssh.com/txt/release-8.2
> ---
> 
> Just a heads up that I haven't tested this and am not sure if the keys
> are used anywhere else that may be affected (though a grep makes me
> think they aren't).
> 
>  web/lib/acctfuncs.inc.php | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
> index df016c6d..efc08331 100644
> --- a/web/lib/acctfuncs.inc.php
> +++ b/web/lib/acctfuncs.inc.php
> @@ -877,7 +877,8 @@ function valid_pgp_fingerprint($fingerprint) {
>  function valid_ssh_pubkey($pubkey) {
>  	$valid_prefixes = array(
>  		"ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256",
> -		"ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "ssh-ed25519"
> +		"ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "ssh-ed25519",
> +		"sk-ssh-ecdsa at openssh.com", "sk-ssh-ed25519 at openssh.com"
>  	);
>  
>  	$has_valid_prefix = false;
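
Review bot: The first entry on the added line, "sk-ssh-ecdsa at openssh.com" (" at " is the list archive's rendering of "@"), does not match the ECDSA security-key type name that OpenSSH 8.2 writes at the start of a public key, which is "sk-ecdsa-sha2-nistp256@openssh.com", so a key of that type would still fail this prefix check. Suggest replacing that entry with the full name; "sk-ssh-ed25519@openssh.com" is already correct. Since the submitter notes the change is untested, it is worth confirming both prefixes against a key generated with ssh-keygen -t ecdsa-sk and -t ed25519-sk before merging.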


Thanks! But in aurweb/git/auth.py we check $AUR_CONFIG (defaults in
conf/config.defaults) for valid-keytypes in the AuthorizedKeysCommand.
I'm not 100% sure why we bother, but we do.


-- 
Eli Schwartz
Bug Wrangler and Trusted User
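
An added example, not part of the patch or of aurweb's code: a Python check for a submitted SSH public key line that applies a key-type allowlist like the ones discussed in this thread and also confirms that the type named in the prefix matches the type encoded inside the key blob. The allowlist contents, function names and sample keys are assumptions constructed for illustration.

```python
import base64
import binascii
import struct

# Assumed allowlist for this example (not aurweb's configuration); the two
# sk-* names are the security-key types introduced in OpenSSH 8.2.
ALLOWED_KEYTYPES = {
    "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
    "ecdsa-sha2-nistp521", "ssh-ed25519",
    "sk-ecdsa-sha2-nistp256@openssh.com", "sk-ssh-ed25519@openssh.com",
}


def embedded_keytype(blob: bytes) -> str:
    """Return the type name stored as the blob's first length-prefixed string."""
    if len(blob) < 4:
        raise ValueError("blob too short")
    (length,) = struct.unpack(">I", blob[:4])
    if length == 0 or 4 + length > len(blob):
        raise ValueError("bad type length")
    return blob[4:4 + length].decode("ascii")


def valid_ssh_pubkey(line: str, allowed=ALLOWED_KEYTYPES) -> bool:
    """Accept 'type base64 [comment]' only if type is allowed and matches the blob."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        return False
    keytype, b64 = fields[0], fields[1]
    if keytype not in allowed:
        return False
    try:
        blob = base64.b64decode(b64, validate=True)
        return embedded_keytype(blob) == keytype
    except (binascii.Error, ValueError):
        # Covers bad base64, truncated blobs and non-ASCII type names.
        return False


def make_sample(keytype: str, declared: str = None) -> str:
    """Build a constructed (non-functional) key line for exercising the check."""
    name = keytype.encode("ascii")
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return f"{declared or keytype} {base64.b64encode(blob).decode()} user@example"
```
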
