Add validate_ssh_public_keys

validate format of SSH public keys using ssh-keygen -l and
temp files.

diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
index 6627210566e3d5ed3d909afdb46e97176833d49f..3f20868df27b053c94c9a47475409741983aaff7 100644 (file)
--- a/src/PVE/Tools.pm
+++ b/src/PVE/Tools.pm
@@ -1307,4 +1307,19 @@ sub tempfile_contents {
     return ("/proc/$$/fd/".$fh->fileno, $fh);
 }
 
     return ("/proc/$$/fd/".$fh->fileno, $fh);
 }
 

+sub validate_ssh_public_keys {
+    my ($raw) = @_;
+    my @lines = split(/\n/, $raw);
+
+    foreach my $line (@lines) {
+       next if $line =~ m/^\s*$/;
+       eval {
+           my ($filename, $handle) = tempfile_contents($line);
+           run_command(["ssh-keygen", "-l", "-f", $filename],
+                       outfunc => sub {}, errfunc => sub {});
+       };
+       die "SSH public key validation error\n" if $@;
+    }
+}
+

 1;
 1;