assistant: Fix local pairing to not include newline in ssh pubkey, which is rejected on the other end for security reasons.

Assistant/WebApp/Configurators/Pairing.hs

@@ -223,11 +223,12 @@ startLocalPairing stage oncancel alert muuid displaysecret secret = do
 	 - background. -}
 	thread <- liftAssistant $ asIO $ do
 		keypair <- liftIO $ genSshKeyPair
+		let pubkey = either error id $ validateSshPubKey $ sshPubKey keypair
 		pairdata <- liftIO $ PairData
 			<$> getHostname
 			<*> myUserName
 			<*> pure reldir
-			<*> pure (sshPubKey keypair)
+			<*> pure pubkey
 			<*> (maybe genUUID return muuid)
 		let sender = multicastPairMsg Nothing secret pairdata
 		let pip = PairingInProgress secret Nothing keypair pairdata stage

debian/changelog

@@ -4,6 +4,8 @@ git-annex (5.20150618) UNRELEASED; urgency=medium
   * assistant --autostart: First any daemons that are already running,
     which might be left over from a previous login session and so unable to
     use the ssh agent of a new login session.
+  * assistant: Fix local pairing to not include newline in ssh pubkey,
+    which is rejected on the other end for security reasons.
 
  -- Joey Hess <id@joeyh.name>  Thu, 02 Jul 2015 12:31:14 -0400
 

doc/bugs/local_pair_fails_if_non-ascii_characters_present_on_annex_path/comment_4_c6d6fa60e71895b7c0c68cc75cd7c5cc._comment

@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 4"""
+ date="2015-07-02T18:32:16Z"
+ content="""
+In comment 2, we see a message containing a ssh key with a newline at the
+end. That is the control character it's objecting to, and it has good
+security reasons to not allow newlines in there (multiline ssh keys could
+result in a ~/.ssh/authorized_keys that runs arbitrary commands).
+
+I was able to reproduce that myself. The problem was that the assistant
+didn't remove newlines when sending the ssh key. Fixed it.
+
+This bug report is **closed**, for the second time.
+If you see this message using any newer version of git-annex,
+please file a new bug report.
+"""]]