Gitea: ECDSA keys don't work with LDAP sync
- Gitea version (or commit ref): 1.5.0+rc1-249-g4090204 (latest HEAD)
- Git version: n.a
- Operating system: Linux (debian 8)
- Database (use
[x]):
- [ ] PostgreSQL
- [ ] MySQL
- [ ] MSSQL
- [X] SQLite
- Can you reproduce the bug at https://try.gitea.io:
- [ ] Yes (provide example URL)
- [ ] No
- [X] Not relevant
Description
LDAP sync doesn't work with ECDSA keys because the algo string check is hardcoded instead of using ssh.ParseAuthorizedKey.
2018/10/16 10:15:49 [W] addLdapSSHPublicKeys[auth.example.com]: Skipping invalid LDAP Public SSH Key for user jjacobs: ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAE1igxlv03cX/DzPgLyOtd554AZD+FTxpM80cfIcOfEiRG6KgDRWqhlezHWfMytPhTHICnXIP4d5qg72ITWt1FGFQAsWCQoRDK6/FsQ1eYuBGmesF0oK/MQyyiWdula8RWCb+3IuxiJzvN81V0iel7WTNw8MzTRqIm0ikdiNc+canhRkw==
2018/10/16 10:19:59 [T] ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAE1igxlv03cX/DzPgLyOtd554AZD+FTxpM80cfIcOfEiRG6KgDRWqhlezHWfMytPhTHICnXIP4d5qg72ITWt1FGFQAsWCQoRDK6/FsQ1eYuBGmesF0oK/MQyyiWdula8RWCb+3IuxiJzvN81V0iel7WTNw8MzTRqIm0ikdiNc+canhRkw==
Solution
https://github.com/go-gitea/gitea/blob/master/models/user.go#L1458
Should become
_, _, _, _, err := ssh.ParseAuthorizedKey([]byte(sshKey))
if err == nil {
xor-gate
All 2 comments
Hi Guys,
I could create a PR for this as I have tested it and works fine with parsing in a normal way instead of checking for a limited ssh prefix.
Just let me know.
Kind regards,
Jerry Jacobs
xor-gate
on 16 Oct 2018
👍1
@xor-gate PRs are always welcome 馃槃
techknowlogick
on 17 Oct 2018
👍1
Was this page helpful?
0 / 5 - 0 ratings
Related issues
BNolet
路
3Comments
ghost
路
3Comments
lunny
路
3Comments
haytona
路
3Comments
Fastidious
路
3Comments