
Comments (4)

elitak commented on July 25, 2024

I haven't tested it beyond the regex, but something like this should store the sanitized lines into the keys var:

for trypath in /root/authorized_keys /root/.ssh/authorized_keys; do [[ -r "$trypath" ]] && keys=$(sed -E 's/.*(ssh-[^[:space:]]+)[[:space:]]+([[:alnum:]]+)[[:space:]]*.*/\1 \2/') && break; done

from nixos-infect.

grische commented on July 25, 2024

@elitak I think you forgot the $trypath inside the subshell for this to work

@DavHau if you want to improve it, a few suggestions:

AUTHORIZED_KEYS FILE FORMAT
     AuthorizedKeysFile specifies the files containing public keys for public
     key authentication; if this option is not specified, the default is
     ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2.  Each line of the file
     contains one key (empty lines and lines starting with a ‘#’ are ignored as
     comments).  Public keys consist of the following space-separated fields:
     options, keytype, base64-encoded key, comment.  The options field is
     optional.  The keytype is “ecdsa-sha2-nistp256”, “ecdsa-sha2-nistp384”,
     “ecdsa-sha2-nistp521”, “ssh-ed25519”, “ssh-dss” or “ssh-rsa”; the comment
     field is not used for anything (but may be convenient for the user to
     identify the key).
  • allow ecdsa-... as well as ssh-...
  • keep the ssh comment field

This should probably work for you:

for trypath in /root/authorized_keys /root/.ssh/authorized_keys; do [[ -r "$trypath" ]] && keys=$(sed -E 's/^.*((ssh|ecdsa)-[^[:space:]]+)[[:space:]]+([^[:space:]]+)([[:space:]]*.*)$/\1 \3\4/' "$trypath") && break; done

from nixos-infect.

elitak commented on July 25, 2024

Yeah, I did forget $trypath, thanks.

Probably all the possible locations should be cat'ed together, including authorized_keys2.

The options field is allowed to be quoted, to escape the space delimiters. I didn't handle that, but now that I think about it, using set -- $line from bash would be a better way to handle any nested quotes/escape sequences, that way we don't have to match on (ssh|ecdsa|something-from-the-future)-.

Something like this (untested):

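local -a keys   # assumes this runs inside a function
# Feed the loop via process substitution: a pipeline would run the loop in a
# subshell and the keys array would be empty afterwards.
while read -r line; do
  set -- $line
  [[ "$#" -eq 4 ]] && shift
  keys+=("$@")
done < <(cat /root/{,.ssh/}authorized_keys{,2} || true)
# later use "${keys[@]}" to include into .nix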

from nixos-infect.

grische commented on July 25, 2024

@elitak if you are not bound to using a one-liner, I would write some proper bash code.

For instance, I would suggest simply looping over a list of files and parsing them without using any cat at all.
Then parse the files with a nice function.

I don't see a reason not to use the regex, if the specification says those key prefixes are fixed anyway.

At first sight it also seems that your code doesn't handle that both the options field and the comment field of the authorized_keys file are optional.

from nixos-infect.
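The thread leaves the "loop over files and parse with a function" approach unwritten. The following is an added example, not code from any participant or from nixos-infect, showing one way to do it in POSIX sh while handling quoted options, an optional options field and an optional comment. The function names `is_keytype`, `sanitize_key_line` and `collect_keys` are hypothetical, and the key type list is limited to the types named in the quoted man page excerpt.

```sh
#!/bin/sh
# Added example, not nixos-infect code; function names are hypothetical.

# Key types listed in the sshd(8) excerpt quoted in the thread.
is_keytype() {
  case $1 in
    ssh-ed25519|ssh-rsa|ssh-dss) return 0 ;;
    ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) return 0 ;;
  esac
  return 1
}

# Print "keytype key [comment]" for one authorized_keys line, options dropped.
# Status 1: blank line, comment, or no recognised key type after the options.
# The body is a subshell, so set -f and the variables do not leak out.
sanitize_key_line() (
  set -f                      # no globbing while word-splitting
  set -- $1
  case ${1-} in ''|'#'*) exit 1 ;; esac
  if ! is_keytype "$1"; then  # options field present
    rest="$*" inq=0           # skip to the first space outside double quotes
    while [ -n "$rest" ]; do
      case $rest in '\"'*) rest=${rest#??}; continue ;; esac  # escaped quote
      c=${rest%"${rest#?}"}   # first character
      rest=${rest#?}
      if [ "$c" = '"' ]; then inq=$((1 - inq)); fi
      if [ "$c" = ' ' ] && [ "$inq" -eq 0 ]; then break; fi
    done
    set -- $rest
  fi
  if [ $# -lt 2 ] || ! is_keytype "$1"; then exit 1; fi
  printf '%s\n' "$*"
)

# Parse each readable file in turn, without cat; other paths are skipped.
collect_keys() {
  for f in "$@"; do
    [ -r "$f" ] || continue
    while IFS= read -r l || [ -n "$l" ]; do
      sanitize_key_line "$l" || :
    done < "$f"
  done
}

# Usage: keys=$(collect_keys /root/authorized_keys /root/.ssh/authorized_keys)
```

Options such as `from=` or `command=` restrict what a key may do, so a line printed without them is less restricted than the original entry.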
