# HG changeset patch
# User Marcin Kuzminski <marcin@rhodecode.com>
# Date 2018-05-16 21:01:46
# Node ID ea9069b3c26cc89231ae53d9c488907706453eca
# Parent  c91262ed3440d28179ca9dca3f561f61de13e208

ssh-keys: further sanitize data of inputted SSH keys.

diff --git a/rhodecode/apps/admin/views/users.py b/rhodecode/apps/admin/views/users.py
--- a/rhodecode/apps/admin/views/users.py
+++ b/rhodecode/apps/admin/views/users.py
@@ -826,7 +826,7 @@ class UsersView(UserAppView):
             fingerprint = key.hash_md5()
 
             ssh_key = SshKeyModel().create(
-                c.user.user_id, fingerprint, key_data, description)
+                c.user.user_id, fingerprint, key.keydata, description)
             ssh_key_data = ssh_key.get_api_data()
 
             audit_logger.store_web(
diff --git a/rhodecode/apps/my_account/views/my_account_ssh_keys.py b/rhodecode/apps/my_account/views/my_account_ssh_keys.py
--- a/rhodecode/apps/my_account/views/my_account_ssh_keys.py
+++ b/rhodecode/apps/my_account/views/my_account_ssh_keys.py
@@ -98,7 +98,7 @@ class MyAccountSshKeysView(BaseAppView, 
             fingerprint = key.hash_md5()
 
             ssh_key = SshKeyModel().create(
-                c.user.user_id, fingerprint, key_data, description)
+                c.user.user_id, fingerprint, key.keydata, description)
             ssh_key_data = ssh_key.get_api_data()
 
             audit_logger.store_web(
diff --git a/rhodecode/apps/ssh_support/utils.py b/rhodecode/apps/ssh_support/utils.py
--- a/rhodecode/apps/ssh_support/utils.py
+++ b/rhodecode/apps/ssh_support/utils.py
@@ -87,7 +87,8 @@ def _generate_ssh_authorized_keys_file(
         # replace all newline from ends and inside
         safe_key_data = user_key.ssh_key_data\
             .strip()\
-            .replace('\n', ' ')\
+            .replace('\n', ' ') \
+            .replace('\t', ' ') \
             .replace('\r', ' ')
 
         line = line_tmpl.format(