Summary

Refactor to use key directly instead of fingerprint

Review Request #2449 — Created April 29, 2023 and submitted July 3, 2023, 11:56 p.m.

Information

Owner

aklitzing@gmail.com

Repository

grim/hgkeeper

Branch

default

Bugs

Depends On

Blocks

2450

Reviewers

Groups

People

grim

Description

OpenSSH can provide the type and key with "%t %k". So we do not need
to match it with fingerprints.

This simplifies key handling a lot and allows to search for requested
pubkey in later changes.

Testing Done

Commits

Summary	ID	Author
Refactor to use key instead of fingerprint directly OpenSSH can provide the type and key with "%t %k". So we do not need to match it with fingerprints. This simplifies key handling a lot and allows to search for requested pubkey in later changes.	efba9f1580c58402f60342d6cbb088acd2b2bb19	Andre Klitzing

Issues

Description	From	Last Updated
overall this looks good but it totally breaks existing ssh setups and we should avoid that.	grim	July 3, 2023, 11:54 p.m.
some people use rsa4096 keys and that's a lot to output in a log message so it probably makes sense …	grim	May 24, 2023, 3:55 p.m.

Summary:

-	Refactor to use key instead of fingerprint directly
+	Refactor to use key directly instead of fingerprint

Commits:

	Summary	ID	Author
	Refactor to use key instead of fingerprint directly OpenSSH can provide the type and key with "%t %k". So we do not need to match it with fingerprints. This simplifies key handling a lot and allows to search for requested pubkey in later changes.	ce6c5df59071837cabe0c364766b9bef46b52ba9	Andre Klitzing
	Refactor to use key instead of fingerprint directly OpenSSH can provide the type and key with "%t %k". So we do not need to match it with fingerprints. This simplifies key handling a lot and allows to search for requested pubkey in later changes.	177ea70a3ad4135cbf3819f13644ecdf4dade193	Andre Klitzing

Diff:

Revision 2 (+56 -120)

Show changes

	access/users.go
	authorized_keys/command.go
	docs/includes/ondemand/openssh.md
	docs/includes/reverseproxy/openssh.md
	examples/openssh/hgkeeper.conf
	http/authorized_keys.go
	ssh/server.go

Show all issues

overall this looks good but it totally breaks existing ssh setups and we should avoid that.

aklitzing@gmail.com May 24, 2023, 3:56 p.m.

Yeah, I know. But shouldn't be a new release with big "release notes: breaking change!" enough? It is just %f to "%t %k"

aklitzing@gmail.com May 31, 2023, 7:28 a.m.

Major release should be allowed to break old stuff. Mabye it is time to remove "site hgrc", too?

grim June 14, 2023, 3:48 a.m.

Well a major release would be a 2.0.0 not a 1.2.0. That said maybe there's enough stuff here for that.. Let me ping some people and think about this a bit. Sorry I know this has been taking a while but I don't want to rush this either. Also this would require the docs to get updated as well.

grim June 14, 2023, 3:52 a.m.

Derp, I forgot to check again if the docs where updated and they were. Sorry it's late :-/

grim July 3, 2023, 11:54 p.m.

I did ping a bunch of people and they're okay with this as long as it's a major version bump and documented, which it will be.

ssh/server.go (Diff revision 2)

Show all issues

some people use rsa4096 keys and that's a lot to output in a log message so it probably makes sense to use the finger print here.

Commits:

	Summary	ID	Author
	Refactor to use key instead of fingerprint directly OpenSSH can provide the type and key with "%t %k". So we do not need to match it with fingerprints. This simplifies key handling a lot and allows to search for requested pubkey in later changes.	177ea70a3ad4135cbf3819f13644ecdf4dade193	Andre Klitzing
	Refactor to use key instead of fingerprint directly OpenSSH can provide the type and key with "%t %k". So we do not need to match it with fingerprints. This simplifies key handling a lot and allows to search for requested pubkey in later changes.	efba9f1580c58402f60342d6cbb088acd2b2bb19	Andre Klitzing

Diff:

Revision 3 (+52 -114)

Show changes

	access/users.go
	authorized_keys/command.go
	docs/includes/ondemand/openssh.md
	docs/includes/reverseproxy/openssh.md
	examples/openssh/hgkeeper.conf
	http/authorized_keys.go
	ssh/server.go

Ship it!

```
Ship It!
```

Awesome, thank you so much for the updates and your patience!!

Review Board 6.0.1

Refactor to use key directly instead of fingerprint

Information

Reviewers

Summary:

Commits:

Diff:

Commits:

Diff:

Status: Closed (submitted)