Use regular expression instead of split when replacing authorized_keys

In some cases (e.g. Ubuntu cloud-init) authorized_keys may contain quoted spaces as part of options: `no-port-forwarding,no-agent-forwarding,no-X11-forwarding,com‌mand="echo 'Please login as the user \"ubuntu\" rather than the user \"root\".';echo;sleep 10" ssh-rsa xxxxxx` which confused the split in _replace_auth_key() in modules/ssh.py.
2025-04-17 10:10:20 +00:00 · 2017-03-06 18:36:04 +01:00 · 2017-03-06 18:36:04 +01:00 · d4a3c8a66a
commit d4a3c8a66a
parent 9c4292fb4e
1 changed files with 3 additions and 10 deletions
--- a/salt/modules/ssh.py
+++ b/salt/modules/ssh.py
@ -149,15 +149,8 @@ def _replace_auth_key(
                    # Commented Line
                    lines.append(line)
                    continue
-                comps = line.split()
-                if len(comps) < 2:
-                    # Not a valid line
-                    lines.append(line)
-                    continue
-                key_ind = 1
-                if comps[0][:4:] not in ['ssh-', 'ecds']:
-                    key_ind = 2
-                if comps[key_ind] == key:
+                comps = re.findall(r'((.*)\s)?(ssh-[a-z0-9-]+|ecdsa-[a-z0-9-]+)\s([a-zA-Z0-9+/]+={0,2})(\s(.*))?', line)
+                if comps[0][3] == key:
                    lines.append(auth_line)
                else:
                    lines.append(line)
@ -1255,4 +1248,4 @@ def key_is_encrypted(key):
    if not is_private_key:
        raise CommandExecutionError('{0} is not a private key'.format(key))

-    return is_encrypted
+    return is_encrypted