From fb1df9fbac081e2f7f71459abf62d54431143aaf Mon Sep 17 00:00:00 2001
From: "Curt J. Sampson"
Date: Wed, 20 Sep 2017 17:13:45 +0900
Subject: [PATCH] Example.rb: Remove key type (`ssh-rsa`) from keys

The key type portion of a `known_hosts` line (`ssh-rsa` or similar) duplicates information already present in the Base 64 encoded string containing the key itself. Thus there's no need for our `KnownHosts` class to require anything but the Base 64 portion of the key. The type was actually ignored, anyway, except for being stripped off before the Base 64 string was decoded and passed to the `Net::SSH::Buffer` class. Thus, we remove this to avoid both unnecessary code and confusion. It's not clear where the idea of prefixing the line with the key type and stripping it off came from; the equivalant code from Net::SSH (`KnownHosts.keys_for()`) has since at least 2.9.4 done a (more proper) parse of SSH `known_hosts` file format with the host names/addresses in front of the key type. Probably when I implemented my version I just dropped the host names without really thinking about what was going on. (`Net::SSH::KnownHosts` class does also check the key type from outside the Base 64 encoded portion of the `known_hosts` line, but it's not clear how useful this really is since it seems just to guess what formats will be known by `Buffer.read_key`.)
---
 Example.rb | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/Example.rb b/Example.rb
index dc46cd1..f7b205b 100755
--- a/Example.rb
+++ b/Example.rb
@@ -84,8 +84,11 @@
 # with a key that we know.
 #
 host = 'github.com'
-hostkey = 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=='
-wronghostkey = 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1VJn8gp5A8FZRpemLgUePg/qlsJWqZYxVMtjOvziCh/vKXoCuddWo8Ehsxm++1fwMIf0BIZXQpH1EymH8joMOImfDm8UQ5OsTnP5T5+9NF7dH6BveK8VIZTJcRGX80CzfpEESmC0I3fbB1JoMVwEvznQnSveIcfvyhhoGUIO1L3L06s2LBRQRuGpM3razYW0W0z9qXegEivxQpvjG5OLAkaoVtdZ5zMlkGbKf+IWXL9S0pCZWrtOBLG42m5UF5V3vTfi2+Fiq8pMhGlMcpsgJ3bzuf93m+v7Z+bGbsI+Qq2qsT8cm7j8YH9TaUq9A737yPQeSuGpTovq5c6rqmo/D'
+
+# These are "ssh-rsa" keys; it appears that 'Net::SSH' can figure this
+# out automatically (and presumably other types as well).
+hostkey = 'AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=='
+wronghostkey = 'AAAAB3NzaC1yc2EAAAADAQABAAABAQC1VJn8gp5A8FZRpemLgUePg/qlsJWqZYxVMtjOvziCh/vKXoCuddWo8Ehsxm++1fwMIf0BIZXQpH1EymH8joMOImfDm8UQ5OsTnP5T5+9NF7dH6BveK8VIZTJcRGX80CzfpEESmC0I3fbB1JoMVwEvznQnSveIcfvyhhoGUIO1L3L06s2LBRQRuGpM3razYW0W0z9qXegEivxQpvjG5OLAkaoVtdZ5zMlkGbKf+IWXL9S0pCZWrtOBLG42m5UF5V3vTfi2+Fiq8pMhGlMcpsgJ3bzuf93m+v7Z+bGbsI+Qq2qsT8cm7j8YH9TaUq9A737yPQeSuGpTovq5c6rqmo/D'
 puts("You should see no exceptions.")
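Review bot: The new comment above `hostkey` hedges ("it appears", "presumably") about something that can be stated outright, and it records nothing about where the pinned value came from. The algorithm name is the first length-prefixed field inside the Base64 blob, so a firmer wording would be `# Bare Base64 key blobs; the algorithm name ("ssh-rsa") is the first field inside the blob, which is what read_key parses.` Because this literal is the trust anchor for github.com, it also deserves a line giving its source and the date it was checked, for example `# github.com RSA host key, checked against GitHub's published fingerprints on YYYY-MM-DD`. A key pinned in source goes stale when the host rotates it, and I believe GitHub has since replaced this particular RSA key, so anyone copying the example should re-verify the value first.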
@@ -146,12 +149,12 @@ def search_for(host, options = {})
 attr_reader :host
- def initialize(host, pubkeys)
+ def initialize(host, base64_pubkeys)
 @host = host
- super(pubkeys.map { |keyline|
- type, key = keyline.split(' ', 2)
- # XXX we just assume it's a supported type, yeah, that's lazybad
- blob = key.unpack('m0*').first
+ super(base64_pubkeys.map { |base64key|
+ # The type is encoded in the key information; we let
+ # `read_key` determine whether it likes it or not.
+ blob = base64key.unpack('m0*').first
 Net::SSH::Buffer.new(blob).read_key
 })
 end
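Review bot: `initialize` now accepts only bare Base64 blobs, but a caller still passing the old `ssh-rsa AAAA...` form gets no hint of what changed: the strict Base64 decode should reject the space and hyphen with a generic `ArgumentError`. A guard ahead of the decode makes the new contract explicit, e.g. `raise ArgumentError, "expected a bare Base64 key blob: #{base64key.inspect}" if base64key.match?(/\s/)`. The result of `read_key` is also worth checking, since as far as I can tell it returns nil for a blob too short to hold a type string, so an empty entry would put nil into the pinned list instead of failing; appending `or raise ArgumentError, "unparseable host key"` to that line would close the gap. For key pinning, malformed input should fail loudly at construction rather than surface later as a host-key mismatch. The enclosing class begins outside this hunk.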