ssh(sec): fix newline problem on key saving that would allow bypassing command sandbox.
marcink -
r2748:2362c2ca stable
@@ -84,16 +84,22 b' def _generate_ssh_authorized_keys_file('
84 for user_key in all_active_keys:
84 for user_key in all_active_keys:
85 username = user_key.user.username
85 username = user_key.user.username
86 user_id = user_key.user.user_id
86 user_id = user_key.user.user_id
87 # replace all newline from ends and inside
88 safe_key_data = user_key.ssh_key_data\
89 .strip()\
90 .replace('\n', ' ')\
91 .replace('\r', ' ')
87
92
88 keys_file.write(
93 line = line_tmpl.format(
89 line_tmpl.format(
90 ssh_opts=ssh_opts or SSH_OPTS,
94 ssh_opts=ssh_opts or SSH_OPTS,
91 wrapper_command=ssh_wrapper_cmd,
95 wrapper_command=ssh_wrapper_cmd,
92 ini_path=ini_path,
96 ini_path=ini_path,
93 user_id=user_id,
97 user_id=user_id,
94 user=username,
98 user=username,
95 user_key_id=user_key.ssh_key_id,
99 user_key_id=user_key.ssh_key_id,
96 key=user_key.ssh_key_data))
100 key=safe_key_data)
101
102 keys_file.write(line)
97 log.debug('addkey: Key added for user: `%s`', username)
103 log.debug('addkey: Key added for user: `%s`', username)
98 keys_file.close()
104 keys_file.close()
99
105
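Review bot: Only `ssh_key_data` is normalised before `line_tmpl.format(...)`, while `username` goes into the same authorized_keys line via `user=username` untouched; whether usernames are restricted to a safe character set is not visible in this hunk. Each line of that file carries its own forced-command options, so every user-controlled field in the template should be guaranteed free of `\r` and `\n`, for example `username = user_key.user.username.replace('\n', ' ').replace('\r', ' ')` or a shared helper applied to both fields. Unless this is already handled elsewhere in the commit, it would also be safer to reject such keys when they are saved and to skip and log them here, e.g. `log.warning('addkey: skipping key %s with embedded newline', user_key.ssh_key_id)`, rather than silently rewriting them, so that existing bad rows surface in the logs. The function starts above the hunk, so `line_tmpl` and the file handling were not reviewed.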
@@ -8,13 +8,13 b''
8 </p>
8 </p>
9 <h4>${_('Private key')}</h4>
9 <h4>${_('Private key')}</h4>
10 <pre>
10 <pre>
11 # Save the content as
11 # Save the below content as
12 # Windows: /Users/<username>/.ssh/id_rsa_rhodecode_access_priv.key
12 # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_priv.key
13 # macOS: /Users/<yourname>/.ssh/id_rsa_rhodecode_access_priv.key
13 # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_priv.key
14 # Linux: /home/<username>/.ssh/id_rsa_rhodecode_access_priv.key
14 # Linux: /home/{username}/.ssh/id_rsa_rhodecode_access_priv.key
15
15
16 # Change permissions to 0600 to make it secure, and usable.
16 # Change permissions to 0600 to make it secure, and usable.
17 e.g chmod 0600 /home/<username>/.ssh/id_rsa_rhodecode_access_priv.key
17 e.g chmod 0600 /home/{username}/.ssh/id_rsa_rhodecode_access_priv.key
18 </pre>
18 </pre>
19
19
20 <div>
20 <div>
@@ -24,10 +24,10 b' e.g chmod 0600 /home/<username>/.ssh/id_'
24
24
25 <h4>${_('Public key')}</h4>
25 <h4>${_('Public key')}</h4>
26 <pre>
26 <pre>
27 # Save the content as
27 # Save the below content as
28 # Windows: /Users/<username>/.ssh/id_rsa_rhodecode_access_pub.key
28 # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_pub.key
29 # macOS: /Users/<yourname>/.ssh/id_rsa_rhodecode_access_pub.key
29 # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_pub.key
30 # Linux: /home/<username>/.ssh/id_rsa_rhodecode_access_pub.key
30 # Linux: /home/{username}/.ssh/id_rsa_rhodecode_access_pub.key
31 </pre>
31 </pre>
32
32
33 <input type="text" value="${c.public}" class="large text" size="100"/>
33 <input type="text" value="${c.public}" class="large text" size="100"/>