Match = SSHFingerprint.match(output)
g = Match.groups()
+ key_size = g[0]
+ fingerprint = g[1]
- if typekey == "ssh-rsa":
- key_size_ok = (g[0]) >= 2048)
+ if typekey == "rsa":
+ key_size_ok = (int(key_size) >= 2048)
elif typekey == "ed25519":
key_size_ok = True
else:
key_size_ok = False
if not key_size_ok:
- try:
- # Body
- Subst["__ERROR__"] = "SSH key fails formal criteria. We only accept RSA keys (>= 2048 bits) or ed25519 keys." % (g[0])
- ErrReply = TemplateSubst(Subst,open(TemplatesDir+"admin-info","r").read())
-
- Child = os.popen("/usr/sbin/sendmail -t","w")
- Child.write(ErrReplyHead)
- Child.write(ErrReply)
- if Child.close() != None:
- raise UDExecuteError, "Sendmail gave a non-zero return code"
- except:
- sys.exit(EX_TEMPFAIL)
-
- # And now break and stop processing input, which sends a reply to the user.
- raise UDFormatError, "SSH key fails formal criteria, NOTHING MODIFIED AT ALL"
- elif g[1] in badkeys:
+ return "SSH key fails formal criteria, not added. We only accept RSA keys (>= 2048 bits) or ed25519 keys."
+ elif fingerprint in badkeys:
try:
# Body
Subst["__ERROR__"] = "SSH key with fingerprint %s known as bad key" % (g[1])
global SeenKey;
if SeenKey:
Attrs.append((ldap.MOD_ADD,"sshRSAAuthKey",Str));
- return "SSH Key added "+FormatSSHAuth(Str);
+ return "SSH Key added: %s %s [%s]"%(key_size, fingerprint, FormatSSHAuth(Str))
Attrs.append((ldap.MOD_REPLACE,"sshRSAAuthKey",Str));
SeenKey = 1;
- return "SSH Keys replaced with "+FormatSSHAuth(Str);
+ return "SSH Keys replaced with: %s %s [%s]"%(key_size, fingerprint, FormatSSHAuth(Str))
# Handle changing a dns entry
# host IN A 12.12.12.12