Check ssh key format for 'paste' option.

[bryank-cs]

Please add some logic to the 'paste' option of webroot/panel/account.php that checks for the correct format. A regex seems a bit unwieldy because of the number of prefixes. Checking the return of ssh-keygen -l -f /dev/stdin might be more future proof. This would prevent users from copying the key material without the ssh-rsa or similar at the beginning.

[AryamanAgrawal]

How about a regex like this: /ssh-rsa AAAA[0-9A-Za-z+\/]+[=]{0,3} ([^@]+@[^@]+)#/?

[hakasapl]

A regex is hard for this because the pub key is not necessarily ssh-rsa, could be ssh-dsa, or any number of other things. I think we need to look into how ssh-keygen -l -f /dev/stdin does the check

[AryamanAgrawal]

1. Is there a way to run the command using PHP?
2. Is there a way to connect the input to a python script instead? here
3. The last option is the one mentioned here

Any thoughts would be most helpful!

[hakasapl]

Yes, the command can be run from PHP, but this is not a good implementation. We would need to depend on openssh cli for the web app, which we don't want to do. In general, it's not a great practice to run commands directly from PHP unless absolutely necessary.

For (2), we can't run python from php, but we can adapt this python code to php

For (3), we are making use of the phpseclib library already, so this is my preferred implementation (and the easiest).

[AryamanAgrawal]

Alright. I'm done with the validation part. It works for Private and Public keys, we can also focus it on public or private specifically. However, I'm having trouble with error handling. What's a good way to let the user know that it's an invalid key?
#34