github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: TraditionalOpenSSL private ssh key

pull/9175/head
Eric 2022-12-03 16:05:26 +08:00 committed by Jiangjie.Bai
parent a68ad7be68
commit d8a8c8153b
1 changed files with 16 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
apps/common/utils/encode.py
View File

@ -68,7 +68,12 @@ class Signer(metaclass=Singleton):
return None return None
_supported_paramiko_ssh_key_types = (paramiko.RSAKey, paramiko.DSSKey, paramiko.Ed25519Key) _supported_paramiko_ssh_key_types = (
paramiko.RSAKey,
paramiko.DSSKey,
paramiko.Ed25519Key,
paramiko.ECDSAKey,
)
def ssh_key_string_to_obj(text, password=None): def ssh_key_string_to_obj(text, password=None):
@ -134,12 +139,6 @@ def ssh_key_gen(length=2048, type='rsa', password=None, username='jumpserver', h
def validate_ssh_private_key(text, password=None): def validate_ssh_private_key(text, password=None):
if isinstance(text, str):
try:
text = text.encode("utf-8")
except UnicodeDecodeError:
return False
key = parse_ssh_private_key_str(text, password=password) key = parse_ssh_private_key_str(text, password=password)
return bool(key) return bool(key)
@ -158,8 +157,9 @@ def parse_ssh_public_key_str(text: bytes = "", password=None) -> str:
private_key = _parse_ssh_private_key(text, password=password) private_key = _parse_ssh_private_key(text, password=password)
if private_key is None: if private_key is None:
return "" return ""
public_key_bytes = private_key.public_key().public_bytes(serialization.Encoding.OpenSSH, public_key_bytes = private_key.public_key().public_bytes(
serialization.PublicFormat.OpenSSH) serialization.Encoding.OpenSSH,
serialization.PublicFormat.OpenSSH)
return public_key_bytes.decode('utf-8') return public_key_bytes.decode('utf-8')
@ -186,13 +186,18 @@ def _parse_ssh_private_key(text, password=None):
return None return None
try: try:
private_key = serialization.load_ssh_private_key(text, password=password) if is_openssh_format_key(text):
return private_key return serialization.load_ssh_private_key(text, password=password)
return serialization.load_pem_private_key(text, password=password)
except (ValueError, TypeError): except (ValueError, TypeError):
pass pass
return None return None
def is_openssh_format_key(text: bytes):
return text.startswith(b"-----BEGIN OPENSSH PRIVATE KEY-----")
def validate_ssh_public_key(text): def validate_ssh_public_key(text):
ssh = sshpubkeys.SSHKey(text) ssh = sshpubkeys.SSHKey(text)
try: try: