#3864 sss_ssh_authorizedkeys: no output when attribute value contains trailing whitespace
Opened 5 months ago by nxg. Modified a month ago

If an sshPublicKey attribute contains a key with trailing whitespace (in my case, a trailing newline), then sss_ssh_authorizedkeys produces no output. Calling with the --debug option produces:

/usr/bin/sss_ssh_authorizedkeys --debug 2 username
(Wed Oct 24 18:13:29:102036 2018) [/usr/bin/sss_ssh_authorizedkeys] [main] (0x0040): sss_ssh_format_pubkey() failed (22): Invalid argument


  • Yes, this attribute probably shouldn't contain trailing whitespace (and I'm going to fix that in my case), but I can't find any spec that says that's definitively wrong (as opposed to ‘asking for trouble’).
  • Even if it is wrong, I feel this tool should try a little harder to Do The Right Thing.
  • When the tool finds an sshPublicKey which it decides is ‘malformed’, it should perhaps report this in some way, even if only to the system log. At present, the only way of debugging this is to use the (undocumented) --debug option.

I note issue #2349, closed four years ago: that's presumably the same underlying problem as this one. I see that issue is closed, but something like this appears to be still causing a problem.

I can't tell what version of sss_ssh_authorizedkeys I'm using (no -V or --version).

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.1
- Issue tagged with: easyfix

5 months ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.2 (was: SSSD 2.1)

a month ago

Login to comment on this ticket.