So… I am a little very frustrated at gitosis. But first things first…

Yesterday I was finishing the configuration on my new laptop. Installing some software and such. I will post a report on that later. This afternoon, I was backing up my old laptop. I took an image of the Windows partition, and made a tarball of the Linux root file system. Earlier I had already made a backup of the home partition.

So, I can start opening the old laptop, and remove all the dust from it. When that’s done, it will be completely reinstalled. Actually, I was thinking about just putting a copy of the root file system from my new laptop on the old one, and then just making two required modifications: setting the hostname and creating a new fstab (as it’s UUID based).

But that’s not what my frustrations are about. This afternoon, I wanted to work on my OAuth WordPress plugin. Still a few things to be done before it can be released. Well… in order to work on my source I need to access the git. I am using gitosis to manage access to my repository. Therefore I need to add the SSH public key from my new laptop into its access control list. Since all my computers are in the gitosis system, I logged into my Raspberry Pi server, and attempted to add the said key.

[andre@rpi-server keydir]$ git push
Counting objects: 5, done.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 338 bytes | 0 bytes/s, done.
Total 3 (delta 1), reused 0 (delta 0)
remote: WARNING:gitosis.ssh:Unsafe SSH username in keyfile: 'andre@8570w.pub'
To gitosis@blaatschaap.be:gitosis-admin.git
   345de48..f110208  master -> master

Unsafe SSH username, and the key is not added. What the fuck. I started googling, and it suggested the “username” gitosis complains about is the last part of the keyfile. (This is just an arbitrary string, a comment, to identify the key to a user looking at the string, and it is not used by the machine.)

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbkYGFFpgrYZKy2eJIdSIebvuqaBhW96owRD7WT5MgwUXVtv76NeTJHgoZbUM7/zex+DV4tZwxkTZMQ8yXUmmqdrjYdHSlkxekcE7uvX0Xul0sRywm/Qfbdlu/DQeuTorhY5zb/Zx6TNXR+zw5KKlTPbnTEIXDwqh9kpenQR0auWL24/UQjoC9hTZavxY3cQlMEABGyfyTx7xnxQFZZGZ7h5x+OOWraXY6eYw2eHV53M+eSEIqFJz3LTD4tSl4svWNHTMz7EEfKpO5FmGjwJKIz8RYQiutCmz4bfziIbZvGYJGnUl/u/UlgtdkxaMjvPkZCmnWB+nqtLre2RFKQOWz andre@8570w

But even after changing that to, for example, andre@hpnew.blaatschaap.be (trying an FQDN-formatted hostname as a last attempt), it kept complaining, whatever I tried. As a last resort I simply disabled the checking for the name. This is done in /usr/share/pyshared/gitosis/ssh.py
I have replaced

def isSafeUsername(user):
    match = _ACCEPTABLE_USER_RE.match(user)
    return (match is not None)

by

def isSafeUsername(user):
    return (True)

So, my key would be accepted regardless of this “username”. But really, I’ve tried everything… I don’t get it.

Well… looking at what _ACCEPTABLE_USER_RE.match(user) is:

_ACCEPTABLE_USER_RE = re.compile(r'^[a-zA-Z][a-zA-Z0-9_.-]*(@[a-zA-Z][a-zA-Z0-9.-]*)?$')

I am not familiar with Python, but it looks like a regular expression saying the hostname should start with a letter, which was not the case for my hostname. But I’ve tried many variants, including plenty that should just pass this little test. So… I don’t get the problem, and I’ve been pulling my hair out. Well… I just disabled the silly little test and got access to my repository.

The crazy thing is, I’ve not only added my laptop, but also another ssh account at my server, which I use for development, right in the shell, which got accepted without a complaint. Really…. what the fuck.

Update: I ran this test, and as expected, hpnew.blaatschaap.be is accepted just fine by this test.

andre@blaatschaap:~$ cat test.py 
import re

_ACCEPTABLE_USER_RE = re.compile(r'^[a-zA-Z][a-zA-Z0-9_.-]*(@[a-zA-Z][a-zA-Z0-9.-]*)?$')

def isSafeUsername(user):
    match = _ACCEPTABLE_USER_RE.match(user)
    return (match is not None)


if isSafeUsername("andre@blaatschaap.be"):
    print "ok"
else:
    print "nak"

if isSafeUsername("andre@hpnew.blaatschaap.be"):
    print "ok"
else:
    print "nak"

if isSafeUsername("andre@8570w"):
    print "ok"
else:
    print "nak"

andre@blaatschaap:~$ python test.py 
ok
ok
nak

Therefore I wonder, is this “username” it complains about something else? Encoded in the base64 string? I thought that was the key only….
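The warning in the push output quotes 'andre@8570w.pub', which is a file name in keydir rather than the comment inside the key. The following is an added example (Python 3, not from the original post or the gitosis source) that audits a keydir under the assumption that the name being checked is the file name minus .pub; audit_keydir, demo and the sample files are constructed for illustration.

```python
import os
import re
import tempfile

# Pattern copied from the post (gitosis/ssh.py).
_ACCEPTABLE_USER_RE = re.compile(r'^[a-zA-Z][a-zA-Z0-9_.-]*(@[a-zA-Z][a-zA-Z0-9.-]*)?$')

def is_safe_username(user):
    return _ACCEPTABLE_USER_RE.match(user) is not None

def audit_keydir(keydir):
    """Return {filename: (name_ok, comment_ok)} for every *.pub file.

    Assumption: the checked name is the file name without '.pub', as the
    quoted warning suggests. The key comment is tested only for comparison.
    """
    report = {}
    for filename in sorted(os.listdir(keydir)):
        base, ext = os.path.splitext(filename)
        if filename.startswith('.') or ext != '.pub':
            continue
        with open(os.path.join(keydir, filename)) as f:
            fields = f.readline().split(None, 2)
        comment = fields[2].strip() if len(fields) == 3 else ''
        report[filename] = (is_safe_username(base), is_safe_username(comment))
    return report

def demo():
    # Constructed sample keydir; the key material is a placeholder, not a real key.
    samples = {
        'andre@8570w.pub': 'ssh-rsa AAAAPLACEHOLDER andre@hpnew.blaatschaap.be',
        'andre@hpnew.pub': 'ssh-rsa AAAAPLACEHOLDER andre@8570w',
    }
    with tempfile.TemporaryDirectory() as keydir:
        for name, line in samples.items():
            with open(os.path.join(keydir, name), 'w') as f:
                f.write(line + '\n')
        return audit_keydir(keydir)

if __name__ == '__main__':
    for filename, (name_ok, comment_ok) in demo().items():
        print(f'{filename}: file name ok={name_ok}, comment ok={comment_ok}')
```

Under that assumption, editing the comment at the end of the key line changes nothing, while renaming the key file (and the matching members entry in gitosis.conf) to a name that passes the pattern lets the check stay enabled.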
