Hi Chris,

I don't think we've tried to specifically bound it. In general the assumption has been that the keys it loads would be OpenSSH public keys in the form that you get from an "id_rsa.pub" file (for example).

What do the options look like? Are they put into the line at the end as comments?

-Paul (reaperhulk)

On August 18, 2016 at 8:15:16 AM, Chris Hines (chris.hi...@monash.edu) wrote:

Hi List,

I have a question about the function cryptography.hazmat.primitives.serialization.load_ssh_public_key

Basically, is the function intended to load only the public key, or is it intended that it be able to process any line out of an authorized_keys_file?

Source code shows that the function is prepared to strip off the key-type (e.g. ssh-rsa) and use it for comparison against the inner_key_type but is not prepared to strip off any options that can be passed in an authorized_keys file (for example SSH_FORCE_COMMAND or no-port-forwarding).

I ask because the downstream project OpenStack Nova uses load_ssh_public_key to verify contents intended for authorized_keys is valid. It's easy enough to remove ssh options in Nova before passing to load_ssh_public_key, but I thought if load_ssh_public_key already deals with the key-type header, perhaps it should also deal with the other options.

I can create issues and merge requests if that is helpful, just looking for clarification on the intention (i.e. does load_ssh_public_key load contents intended for authorized_keys or just the public key part).

Cheers,
--
Chris

_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev
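
An added example, not code from this thread, from pyca/cryptography or from Nova: one way to strip authorized_keys options (including quoted values containing spaces) and apply the outer/inner key-type comparison discussed above, leaving a "keytype base64" string of the kind an id_rsa.pub file holds. The names split_fields, strip_options, KEY_TYPES and SAMPLE are hypothetical, and the sample key is a constructed all-zero blob.

```python
import base64
import struct

# Hypothetical helper names; KEY_TYPES is a subset chosen for this example.
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def split_fields(line):
    """Split on whitespace, keeping double-quoted option values (which may
    contain spaces and backslash-escaped quotes) inside one field."""
    fields, cur, in_quotes, prev = [], "", False, ""
    for ch in line:
        if ch == '"' and not (in_quotes and prev == "\\"):
            in_quotes = not in_quotes
        if ch in " \t" and not in_quotes:
            if cur:
                fields.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    if in_quotes:
        raise ValueError("unterminated quote in options")
    return fields + ([cur] if cur else [])


def strip_options(line):
    """Return (options or None, 'keytype base64') for one authorized_keys line."""
    fields = split_fields(line.strip())
    options = None
    if fields and fields[0] not in KEY_TYPES:
        options, fields = fields[0], fields[1:]   # leading field is the option list
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        raise ValueError("no recognised key type")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type; compare it
    # with the outer one, as the thread describes load_ssh_public_key doing.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii") != key_type:
        raise ValueError("inner key type does not match outer key type")
    return options, f"{key_type} {fields[1]}"   # comment field is dropped


# Constructed sample: an all-zero 32-byte "key", not a real credential.
SAMPLE_BLOB = base64.b64encode(
    struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)).decode()
SAMPLE = f'no-port-forwarding,command="echo hi there" ssh-ed25519 {SAMPLE_BLOB} user@example'
```

The second element of the returned tuple is what a caller would then hand to load_ssh_public_key; the options string can be validated or rejected separately.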