Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1104145
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Description of problem:
public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end.

How reproducible: Always

Steps to Reproduce:
1. Add the following in sssd.conf:
ldap_user_ssh_public_key = extensionAttribute5 <<-- windows attribute in our case
2. Add following in /etc/ssh/sshd_config
AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys

Actual results:
/usr/bin/sss_ssh_authorizedkeys --debug 10 <username>
[/usr/bin/sss_ssh_authorizedkeys] [main] (0x0040): sss_ssh_format_pubkey() failed (22): Invalid argument

Expected results:
Should acquire SSH public keys for user USER and output them in OpenSSH authorized_keys format.

Additional info:
# ldapsearch -LLL -H ldap://REDACTED -b dc=REDACTED '(&(objectClass=User)(extensionAttribute5=*))' dn samaccountname extensionAttribute5
SASL/GSSAPI authentication started
SASL username: REDACTED
SASL SSF: 56
SASL data security layer installed.
dn:: Q049U8O4cnNkYWhsIExhcnMgUHJlYmVuIChRNU4pLE9VPVVzZXJzLE9VPVNUQixPVT1DdXN0b
 21lcnMsREM9c3RiLERDPWxvY2Fs
sAMAccountName: Q5N
extensionAttribute5:: c3NoLWRzcyBBQUFBQjNOemFDMWtjM01BQUFDQkFJMFQxK01hRkQyNHRo
 aDFlYTZKemUxV0djQWZDdzFXTVVxNC9WYS9MSkl6NGovSFR1ZWI4aTFLeE9MR1ZVZ3pqaEMvQkx3d
 FdxclRGdG9oS0dkZjFVbCtDLy9xNTdOOHE5cHoxM1JybEFTczZ5SWFOODRaME1kdGdzMmV1VE1aNH
 Q0QUVkak82UUxSSENndXJXWlNGMXVmeWYyWGpXYWl0MVJRRVgxWGRnMnJBQUFBRlFEcE53UGFHTlU
 zU1Jrc2FGSVFwalNya3VrSEN3QUFBSUEzUTBoK2puWHlRc2ordlQ4U1dRNWNSbStXZmx3YUh3S3lI
 ZHhJSlVUUWVncTEydW9uM0t3UkRxQm8vRU5leG5iZFV4SGxDQ1BGMit4eEpPNlJiLzJOeFFQaERoY
 Up1eDgwTEJqVHord3ZEVmhQMFl4ZStuM3pQRXNkQU4zQm5WVkR2am85RWdiUmJIeXFoTE5yenNWWD
 BjbnVVNkhSWkpiNkFBbVpxQmtsOVFBQUFJQmdYUkdmdUtZZWFZTTQ3aDcyWEVJRTlJZGRvMzRhbWh
 XaC9YWW0wWml6R1VGUUxLclZGOEJIa2Z3bjJDa0hTOE94VU9VVmNwWkxFcDlPbUNHTm10QXVaNkpQ
 aWYrTTIyUHpGNEhSbys4ZWlXNWVEY21tTjNlN0FhNzQzQm5nUFlqb3JzbTNJa0dhcndrVGtGbWhvd
 VZjd0doOUVpcDNtclQ3aGlOa2xaZG9ZUT09IHE1bkBzdG9yZWJyYW5kLm5vCg==

-- > ssh-debug
the public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end.
output: invalid argument
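A sketch of the behaviour the report asks for, added here as an example (it is not SSSD's code or the fix that was applied): a line terminator is accepted only at the end of the stored value and is still rejected inside it, because the authorized_keys output is read one key per line. The names normalize_pubkey and InvalidKey and the all-zero sample key are constructed for illustration.

```python
import base64
import struct


class InvalidKey(ValueError):
    """Raised when a stored value is not a single well-formed public key."""


def normalize_pubkey(raw: bytes) -> str:
    """Return one authorized_keys line for a directory-stored key value."""
    # Tolerate line terminators only at the very end of the value.
    text = raw.rstrip(b"\r\n")
    # Any remaining control character (an interior newline included) is an
    # error: the AuthorizedKeysCommand output is read one key per line.
    if any((b < 0x20 and b != 0x09) or b == 0x7F for b in text):
        raise InvalidKey("control character inside key")
    try:
        fields = text.decode("utf-8").split(None, 2)
    except UnicodeDecodeError as exc:
        raise InvalidKey("value is not UTF-8") from exc
    if len(fields) < 2:
        raise InvalidKey("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError
        raise InvalidKey("key data is not valid base64") from exc
    # The blob starts with a length-prefixed algorithm name that must match
    # the textual key type in front of it.
    if len(blob) < 4:
        raise InvalidKey("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise InvalidKey("key type does not match key blob")
    return " ".join(f.strip() for f in fields)


def _constructed_key() -> bytes:
    # Constructed sample, not a real key: ssh-ed25519 with 32 zero bytes.
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return name + b" " + base64.b64encode(blob) + b" user@example.test"


SAMPLE_KEY = _constructed_key()

if __name__ == "__main__":
    print(normalize_pubkey(SAMPLE_KEY + b"\n"))
```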
Fields changed
owner: somebody => jcholast patch: 0 => 1 status: new => assigned
milestone: NEEDS_TRIAGE => SSSD 1.11.7
resolution: => fixed status: assigned => closed
Metadata Update from @jhrozek:
- Issue assigned to jcholast
- Issue set to the milestone: SSSD 1.11.7
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3391
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.