[Cryptography-dev] ssh public key processing
Chris Hines
chris.hines at monash.edu
Wed Aug 17 20:15:02 EDT 2016
Hi List,
I have a question about the function
cryptography.hazmat.primitives.serialization.load_ssh_public_key
Basically, is the function intended to load only the public key or is it
intended that it be able to process any line out of an authorized_keys file?
Source code shows that the function is prepared to strip off the key-type
(eg ssh-rsa) and use it for comparison against the inner_key_type but is
not prepared to strip off any options that can be passed in an
authorized_keys file (For example SSH_FORCE_COMMAND or no-port-forwarding).
I ask because the downstream project OpenStack Nova uses
load_ssh_public_key to verify contents intended for authorized_keys is
valid. It's easy enough to remove ssh options in Nova before passing to
load_ssh_public_key, but I thought if load_ssh_public_key already deals with
the key-type header, perhaps it should also deal with the other options.
I can create issues and merge requests if that is helpful, just looking for
clarification on the intention (i.e. does load_ssh_public_key load contents
intended for authorized_keys or just the public key part)
Cheers,
--
Chris
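
An added example, not part of the original message and not code from cryptography or Nova: one way to separate the authorized_keys options from the key before validation, including the key-type versus inner-key-type comparison the message describes. The helper names, the accepted key-type set, the command="..." option in the usage note and the all-zero sample key are assumptions constructed for illustration.

```python
import base64
import struct

# Key types this example accepts (assumption; extend as needed).
KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}


def first_token(s):
    """Split off the first whitespace-delimited token, honouring "..." quoting."""
    quoted, i = False, 0
    while i < len(s):
        if quoted and s[i] == "\\" and i + 1 < len(s):
            i += 2  # skip an escaped character inside a quoted option value
            continue
        if s[i] == '"':
            quoted = not quoted
        elif s[i].isspace() and not quoted:
            break
        i += 1
    if quoted:
        raise ValueError("unterminated quote in options")
    return s[:i], s[i:].lstrip()


def split_authorized_keys_line(line):
    """Hypothetical helper: return (options, "type base64", comment)."""
    options = ""
    token, rest = first_token(line.strip())
    if token not in KEY_TYPES:  # a leading non-key-type field is the options list
        options = token
        token, rest = first_token(rest)
    if token not in KEY_TYPES:
        raise ValueError("no supported key type found")
    parts = rest.split(None, 1)
    if not parts:
        raise ValueError("missing key data")
    blob = base64.b64decode(parts[0], validate=True)  # binascii.Error is a ValueError
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])  # length of the inner key-type string
    if blob[4:4 + n] != token.encode():
        raise ValueError("key type does not match inner key type")
    return options, f"{token} {parts[0]}", parts[1].strip() if len(parts) > 1 else ""


def constructed_sample_key():
    """Constructed sample: ssh-ed25519 framing around 32 zero bytes, not a real key."""
    t = b"ssh-ed25519"
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode()
```

The second element of the returned tuple is the "key-type base64" part with options and comment removed, which is the form a caller would hand to load_ssh_public_key; a quoted option value such as command="echo hi there" keeps its spaces and stays in the options field.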