Bug 2623 - AuthorizedKeysFile split pub key and signature with tab `\t` not work.
Summary: AuthorizedKeysFile split pub key and signature with tab `\t` not work.
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: 7.3p1
Hardware: Other Linux
: P5 enhancement
Assignee: Assigned to nobody
URL:
Keywords:
: 2294 (view as bug list)
Depends on:
Blocks:
 
Reported: 2016-10-08 16:15 AEDT by gshmu
Modified: 2020-01-26 00:29 AEDT (History)
2 users (show)

See Also:

Attachments
Allow a single tab instead of space between key type and key. (853 bytes, patch)
2016-10-12 04:18 AEDT, Darren Tucker 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description gshmu 2016-10-08 16:15:31 AEDT 
I split pub key and signature with \t, it's not working..
Comment 1 gshmu 2016-10-08 16:22:20 AEDT 
command@ubuntu# grep "AuthorizedKeysFile" /etc/ssh/sshd_config 
AuthorizedKeysFile %h/.ssh/me.pro

not using default authorized_keys file, after upgrade it not work...
Comment 2 Darren Tucker 2016-10-08 16:38:04 AEDT 
You put a tab in the authorized_keys file itself or after the directive in sshd_config?
Comment 3 gshmu 2016-10-10 12:14:44 AEDT 
(In reply to Darren Tucker from comment #2)
> You put a tab in the authorized_keys file itself or after the
> directive in sshd_config?

authorized_keys file itself

$ cat .ssh/authorized_keys_renamed
xxxx{\tab}sign
xxxx{\tab}sign
xxxx{\tab}sign
Comment 4 Darren Tucker 2016-10-12 04:18:29 AEDT 
Created attachment 2878 [details]
Allow a single tab instead of space between key type and key.

Looks like the code in question is in sshkey.c:sshkey_read(), and that tabs are accepted in many places but not all.  In that code's defense, the sshd(8) man page specifies that these things are space-separated.

        case KEY_UNSPEC:
[...]
                space = strchr(cp, ' ');
... but later:
                        while (*space == ' ' || *space == '\t')
                                space++;

Please try the attached patch, which should allow a single tab character instead of a space.
Comment 5 Darren Tucker 2016-10-13 03:02:08 AEDT 
(In reply to Darren Tucker from comment #4)
> Created attachment 2878 [details]
> Allow a single tab instead of space between key type and key.

Looks like this causes a regression test failure so further investigation is needed.
Comment 6 Damien Miller 2020-01-26 00:29:25 AEDT 
*** Bug 2294 has been marked as a duplicate of this bug. ***