On Thu, 7 Mar 2024, Wiktor Kwapisiewicz wrote:

> Hello,
>
> I've noticed that `ssh-keygen -Y find-principals` warns about empty
> lines in the allowed signers file, even though the documentation says
> they should be treated as comments:
>
> $ ssh-keygen -Y find-principals -f allowed_signers.md -I
> wiktor@xxxxxxxxxxxx -n file -s rsa-key.txt.sig < rsa-key.txt
> allowed_signers.md:3: missing key <---- here
> wiktor@xxxxxxxxxxxx

I think this is what is happening:

> allowed_signers.md:3: missing key^M

You have line feed characters in your allowed_signers file, possibly
from editing it on a Windows system. We don't currently ignore this
character at the ends of lines.

You could try removing them or try this patch:

diff --git a/sshsig.c b/sshsig.c index d50d65fe2..145bca862 100644 --- a/sshsig.c +++ b/sshsig.c @@ -747,7 +747,7 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line, cp = line; cp = cp + strspn(cp, " \t"); /* skip leading whitespace */ - if (*cp == '#' || *cp == '\0') + if (*cp == '#' || *cp == '\0' || strcmp(cp, "\r") == 0) return SSH_ERR_KEY_NOT_FOUND; /* blank or all-comment line */ /* format: identity[,identity...] [option[,option...]] key */

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
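Review bot: In the sshsig.c hunk, the added strcmp(cp, "\r") == 0 test in parse_principals_key_and_options() matches only a line whose remaining content, after leading spaces and tabs are skipped, is exactly one carriage return. A CRLF-terminated line that carries principals and a key is not covered: nothing in this hunk removes its trailing "\r", so it continues into the "identity[,identity...] [option[,option...]] key" parsing with the carriage return still attached to the last field. Consider stripping a trailing "\r" from line once, before the comment check, so that the existing *cp == '\0' test handles the blank case and key lines in a CRLF file are treated the same way. The "blank or all-comment line" comment should then mention carriage returns, and the allowed signers documentation should say that CRLF line endings are accepted.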