auth: Fix multiple 'sk' keys configured, fails on first #13
Conversation
|
merf. f^%$#ing GitHub. I was testing out signed commits on my fork of your repo. It decided to be helpful and open the PR on your repo. sigh. oh well, let me know if you want any changes. I could easily omit the 'sk' restriction to retry, as other SSH tools aren't that strict, but want to default conservative on the first pass. |
|
Hi! This is brilliant, and exactly the kind of usability improvements that I would like to add. I'd like the following, if you have the time to update your PR:
If you don't have the bandwidth to make these changes I would be happy to land your change as-is and make the suggested changes on top of it. |
|
I'm a little rusty with rust (ha!), but most of that should be easy. I'll update what I can and see how it looks. Out of curiosity (I'm old-school git, not too familiar with GitHub), I just force-push the branch to update this PR, correct? |
jac-cbi
force-pushed
the
fix/multiple_sk_keys
branch
2 times, most recently
from
af738ae
to
36c30c4
Compare
|
Ok, sorry for the double-force. I forgot that rebase blows out the commit signatures... With this version of the branch, prior to the fix commit, we get the following, as expected: $ cargo test -- --show-output
...
Running tests/sk_not_present.rs (target/debug/deps/sk_not_present-5eb4af9fc80a4a5e)
running 1 test
test test_sk_not_present ... FAILED
successes:
successes:
failures:
---- test_sk_not_present stdout ----
DEBUG: found a matching key: SHA256:1UwbHkBzDpgQWYVRkrZRHKRx9n0Gzfld+alc8pD7jwg
thread 'test_sk_not_present' panicked at tests/sk_not_present.rs:71:71:
called `Result::unwrap()` on an `Err` value: The remote ssh agent returned the failure message
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
failures:
test_sk_not_present
test result: FAILED. 0 passed; 1 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s
...After the fix commit: $ cargo test -- --show-output
...
Running tests/sk_not_present.rs (target/debug/deps/sk_not_present-5eb4af9fc80a4a5e)
running 1 test
test test_sk_not_present ... ok
successes:
---- test_sk_not_present stdout ----
DEBUG: found a matching key: SHA256:1UwbHkBzDpgQWYVRkrZRHKRx9n0Gzfld+alc8pD7jwg
DEBUG: SSHAgent: RemoteFailure; trying next key
DEBUG: found a matching key: SHA256:5RBDOSvATUadn+TDt8S320/ozyfQqY525Cv70tGwCOE
successes:
test_sk_not_present
test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.01s
... |
There was a problem hiding this comment.
Thank you for spending the time addressing my comments, I am genuinely happy that someone got around to play around with my code. Please see some minor comments below.
Also, I'd like all these changes to go in as a single commit, to have the git log be neat and tidy, so please sqash them into one and force push onto your PR branch
jac-cbi
force-pushed
the
fix/multiple_sk_keys
branch
from
36c30c4
to
9412695
Compare
|
yup, good catch with the test case, I def over-engineered that pig 😂 |
|
And now its just some tiny rustfmt fixes and a trivial clippy thing to address :) |
|
hmm, I did neglect to run rustfmt this last pass, but it did pass before.. I'll check both and re-push |
jac-cbi
force-pushed
the
fix/multiple_sk_keys
branch
from
9412695
to
c663766
Compare
|
ok, should pass now. |
|
so close. It is a bit obnoxious with the automated tests, but on the other hand it brings some value. Let me create a Makefile target that runs the same checks locally as is done by the github action, and the process should be a bit smoother next time |
|
I just landed a |
When a user has configured two or more 'sk' keys, eg Yubikeys, pam-ssh-agent will fail if the first configured key isn't currently plugged in. Standard SSH utilities gracefully try the next key in this situation, so we should too. This is very helpful for users attempting to dogfood their backup key. ;-) We correct this failure by catching the error, and trying the next key. Signed-off-by: Jason Cooper <[email protected]>
jac-cbi
force-pushed
the
fix/multiple_sk_keys
branch
from
c663766
to
730c1e5
Compare
|
I love that cargo fmt removed the assert_eq(true ... in one round, then in the next round put it on a single line... sigh. 🤣 Ran |
|
🥳 |
When a user has configured two or more 'sk' keys, eg Yubikeys, pam-ssh-agent will fail if the first configured key isn't currently plugged in.
Standard SSH utilities gracefully try the next key in this situation, so we should too. This is very helpful for users attempting to dogfood their backup key. ;-)
We correct this failure by catching the error, and trying the next key IFF the failed key was of the 'sk' type.