[paramiko] validating openssh public key
james bardin
jbardin at bu.edu
Mon Mar 2 16:34:33 PST 2009
Oh, and forgot to mention that this only works with openssh public
keys, and not the rfc4716 SSH2 format. No big deal, because openssh
and paramiko don't work with SSH2 format keys directly either.

And if you want, here's how you unpack the int from the head of the stream:

    import struct
    struct.unpack('>I', data[:4])[0]

-jim

On Mon, Mar 2, 2009 at 7:21 PM, james bardin <jbardin at bu.edu> wrote:
> Hi Jonathan,
>
> 2009/3/2 Jon Sabo <jonathan.sabo at gmail.com>:
>> List,
>>
>> Are there any parts of paramiko that can assist in validating openssh public
>> keys? I wrote a simple menu system to allow myself (or others) to paste in
>> a public key and have it written to a file. I want to be able to validate
>> certain properties of the public key like number of bits, type (dsa,rsa),
>> and make sure it's in the correct format. Any advice, tips, code, links...?
>>
>
>
> Had a little more time to look into this, and this is what paramiko checks:
>
> The data portion of the keyfile is decoded from base64, or it fails
> with a base64.binascii.Error
> The first 4 bytes are unpacked (an int), and returns 7, which is the
> length of the following string (I guess this could change, but we only
> support ssh-rsa and ssh-dss, both 7 characters).
>
> so basically:
>
> In [21]: openssh_pubkey = open('keyfile').read()
> In [22]: type, key_string, comment = openssh_pubkey.split()
> In [23]: data = base64.decodestring(key_string)
> In [24]: data[4:11] == type
> Out[24]: True
>
> -jim
>
--
James Bardin <jbardin at bu.edu>
Systems Analyst / Administrator
Boston University
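
The checks described in this thread (base64 decode, 4-byte length prefix, type string comparison), carried through to the key size the original question asked about. This is an added example, not code from the thread or from paramiko. It is written for Python 3, and the function names and the sample key are assumptions constructed for illustration.

```python
import base64
import struct

# Wire layout of the two key types discussed in the thread (RFC 4253 section 6.6)
FIELDS = {"ssh-rsa": ("e", "n"), "ssh-dss": ("p", "q", "g", "y")}
SIZE_FIELD = {"ssh-rsa": "n", "ssh-dss": "p"}  # integer whose bit length is the key size

def read_string(blob, offset):
    """Read one field: 4-byte big-endian length, then that many bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field length runs past the end of the key data")
    return blob[offset + 4:end], end

def validate_openssh_pubkey(line):
    """Return (key_type, bits, comment) for one public key line, or raise ValueError."""
    parts = line.strip().split(None, 2)  # the comment is optional and may contain spaces
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    if key_type not in FIELDS:
        raise ValueError("unsupported key type: %r" % key_type)
    # binascii.Error, raised on bad base64, is a subclass of ValueError
    blob = base64.b64decode(b64, validate=True)
    embedded, offset = read_string(blob, 0)
    if embedded != key_type.encode("ascii"):
        raise ValueError("type label does not match the type inside the key data")
    values = {}
    for name in FIELDS[key_type]:
        raw, offset = read_string(blob, offset)
        if raw[:1] >= b"\x80":  # integers are signed; a set top bit means negative
            raise ValueError("negative integer in field %s" % name)
        values[name] = int.from_bytes(raw, "big")
    if offset != len(blob):
        raise ValueError("trailing bytes after the key fields")
    return key_type, values[SIZE_FIELD[key_type]].bit_length(), comment

def _field(raw):
    return struct.pack(">I", len(raw)) + raw

# Constructed sample, not a real key: e = 65537, n = 2**1023 + 1
_blob = _field(b"ssh-rsa") + _field(b"\x01\x00\x01") + _field(b"\x00\x80" + b"\x00" * 126 + b"\x01")
SAMPLE = "ssh-rsa " + base64.b64encode(_blob).decode("ascii") + " user@example (constructed)"

if __name__ == "__main__":
    print(validate_openssh_pubkey(SAMPLE))
```

Checking that every length prefix stays inside the decoded data, and that nothing trails the last field, rejects truncated or padded pastes that would pass the type-string comparison alone.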