#3864 sss_ssh_authorizedkeys: no output when attribute value contains trailing whitespace
Closed: Fixed 2 years ago by pbrezina. Opened 3 years ago by nxg.

If an sshPublicKey attribute contains a key with trailing whitespace (in my case, a trailing newline), then sss_ssh_authorizedkeys produces no output. Calling with the --debug option produces:

/usr/bin/sss_ssh_authorizedkeys --debug 2 username
(Wed Oct 24 18:13:29:102036 2018) [/usr/bin/sss_ssh_authorizedkeys] [main] (0x0040): sss_ssh_format_pubkey() failed (22): Invalid argument


  • Yes, this attribute probably shouldn't contain trailing whitespace (and I'm going to fix that in my case), but I can't find any spec that says that's definitively wrong (as opposed to ‘asking for trouble’).
  • Even if it is wrong, I feel this tool should try a little harder to Do The Right Thing.
  • When the tool finds an sshPublicKey which it decides is ‘malformed’, it should perhaps report this in some way, even if only to the system log. At present, the only way of debugging this is to use the (undocumented) --debug option.

I note issue #2349, closed four years ago: that's presumably the same underlying problem as this one. I see that issue is closed, but something like this appears to be still causing a problem.

I can't tell what version of sss_ssh_authorizedkeys I'm using (no -V or --version).

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.1
- Issue tagged with: easyfix

3 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.2 (was: SSSD 2.1)

3 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.3 (was: SSSD 2.2)

2 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4854

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.