Bug#794568: OpenSSH server does not recognize principals option in authorized_keys file
On 08/04/2015 04:52 PM, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On 2015-08-04 15:10, Gordon Grubert wrote:
> [...]
>> Disabling these options and using an user-based configuration in
>> $HOME/.ssh/authorized_keys does not work. The authorized_keys file looks
>> like
>>
>> cert-authority,principals=MYPRINCIPAL ssh-ed25519 AAAAC3NzaC1lZDI1NT.....
>>
>> The ssh server says:
>>
>> Bad options in /root/.ssh/authorized_keys file, line 1:
>> principals=MYPRINCIPAL ssh-ed25519 AAAAC3NzaC1lZDI1NT
>>
>> The syntax of the file authorzied_keys seems to be invalid, but this
>> should be the syntax specified in man 8 sshd (section AUTHORIZED_KEYS
>> FILE FORMAT).
>
> It's not - at least not precisely.
>
> sshd(8) says that the option is
>
> principals="principals"
>
> The quotes are part of the syntax. I can replicate the error you're
> seeing by specifying principals=FOO, but principals="foo" parses fine.
You're right. Using quotes, everything is fine. IMHO, I had also tested
this scenario. Obviously, I did not. I'm not sure, that the line
principals="principals"
in sshd(8) says, that you have to use quotes. sshd(8) also says for the
options:
No spaces are permitted, except within double quotes.
This implies, to use quotes for spaces only.
Thx and best regards,
Gordon
Reply to: