Hello,
I've noticed that `ssh-keygen -Y find-principals` warns about empty
lines in the allowed signers file, even though the documentation says
they should be treated as comments:
$ ssh-keygen -Y find-principals -f allowed_signers.md -I
wiktor@xxxxxxxxxxxx -n file -s rsa-key.txt.sig < rsa-key.txt
allowed_signers.md:3: missing key <---- here
wiktor@xxxxxxxxxxxx
`-Y verify` doesn't have this issue:
$ ssh-keygen -Y verify -f allowed_signers.md -I wiktor@xxxxxxxxxxxx -n
file -s rsa-key.txt.sig < rsa-key.txt
Good "file" signature for wiktor@xxxxxxxxxxxx with RSA key
SHA256:xb+QgBmoSdveobEdwKqUb3BCk9SLJVxq3Ltu2o/FK7U
The man page documentation for ALLOWED_SIGNERS
(https://man.archlinux.org/man/ssh-keygen.1#ALLOWED_SIGNERS):
> Empty lines and lines starting with a ‘#’ are ignored as comments.
I'm using openssh version 9.6p1-3 as packaged in Arch Linux.
I've made a repo with all keys and files I'm using:
https://github.com/wiktor-k/ssh-repro
Context: I'm using SSH signatures in git and wanted to add a bit of
spacing in the file but then `git log --show-signature` shows all these
warnings which I traced to be coming from `find-principals`:
commit 78bf960bccfd7677a72362ace717027dc4a7151a
Good "git" signature for wiktor@xxxxxxxxxxxx with ECDSA key
SHA256:gp2CMX5++SXkPHiyva6kyhp2ftFo6r1HvYeDPVAxvXc
allowed_signers.md:3: missing key^M
allowed_signers.md:5: missing key^M
allowed_signers.md:7: missing key^M
Is this a minor issue or am I holding it wrong?
Thanks for your time!
Kind regards,
Wiktor
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
