Project

General

Profile

Bug #10208

ssh authorized_keys gets corrupted when adding ed25519 keys

Added by Devin Reade over 5 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
No priority
Assignee:
William Grzybowski
Category:
GUI (new)
Target version:
Seen in:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

Observed with two FreeNAS 9-3-STABLE machines. I was setting up an rsync task on BoxA to pull data from BoxB to BoxA. In this case, I'm using root on both machines. In the field Account => Users => root => SSH Public Key on both machines there are already a number of rsa and dsa public keys listed, but no key for root@BoxA.

So on BoxA, I generated a new passwordless key: # ssh-keygen -t ed25519

On BoxB, I then went to modify the authorized_keys file via the UI sequence mentioned above. I cut&paste the contents of the ~root/.ssh/id_ed25519.pub file from BoxA into the "SSH Public Key" field on BoxB, appending it to the previous entries, and saved the changes.

Testing ssh in the shell from BoxA to BoxB failed. Examination of the ~root/.ssh/authorized_keys file on BoxB shows that the UI appended the key, but trimmed out the newline between that key and the previous one. I tried it a few more times to ensure that it wasn't operator error; the edit box initially has a newline before the ed25519 key, but upon save the newline is removed.

Perhaps is there something in the UI code that understands 'ssh-dss', 'ssh-rsa', but not 'ssh-ed25519', and is trying to reformat that file accordingly? If so, perhaps it should be looking for the equivalent of regex 'ssh-\S+' instead.

The original authorized_keys file before editing consisted of 4 ssh-rsa keys, 3 ssh-dss keys, and was 3957 bytes long. The id_ed25519.pub file is 100 bytes long.

I finally avoided the problem by switching to an rsa key for this purpose.


Related issues

Related to FreeNAS - Bug #12397: FreeNAS GUI improperly parsing ECDSA keys when added to user accountClosed: Cannot reproduce2015-11-13

Associated revisions

Revision 9090709e (diff)
Added by William Grzybowski over 5 years ago

Fix regex to support ed25519 Ticket: #10208 Merge-FN93: yes Merge-TN93: yes

Revision 207a8d48 (diff)
Added by William Grzybowski over 5 years ago

Fix regex to support ed25519 Ticket: #10208 Merge-FN93: yes Merge-TN93: yes (cherry picked from commit 9090709ed631c6fd4feac88e7f9911167118393f)

Revision 22562720 (diff)
Added by William Grzybowski over 5 years ago

Fix regex to support ed25519 Ticket: #10208 Merge-FN93: yes Merge-TN93: yes (cherry picked from commit 9090709ed631c6fd4feac88e7f9911167118393f)

History

#1 Updated by Jordan Hubbard over 5 years ago

  • Category deleted (148)
  • Assignee changed from Anonymous to William Grzybowski
  • Target version set to Unspecified

#2 Updated by William Grzybowski over 5 years ago

  • Status changed from Unscreened to Screened

#3 Updated by William Grzybowski over 5 years ago

  • Category set to 2
  • Status changed from Screened to Ready For Release

#4 Updated by Jordan Hubbard over 5 years ago

  • Status changed from Ready For Release to Resolved

#5 Updated by William Grzybowski almost 5 years ago

  • Related to Bug #12397: FreeNAS GUI improperly parsing ECDSA keys when added to user account added

#6 Avatar?id=14398&size=24x24 Updated by Kris Moore about 4 years ago

  • Target version changed from Unspecified to N/A

Also available in: Atom PDF