From 54538ed8914d65fc752f41ace708a046179528e6 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <sunil@medhas.org>
Date: Fri, 20 Dec 2024 17:04:18 -0800
Subject: [PATCH] backups: Fix issue with verifying remote server identity

- The output of ssh-keyscan scan contain comments that start with '#'. When
these are present, they are incorrectly assumed to be valid keys. Ignore these
lines.

Tests:

- Output of ssh-keyscan with latest OpenSSH in Debian testing contains comments.
Trying to verify the identity of the remove host without the patch fails when
adding remote backup repository. When patch is applied, it works (except RSA
key).

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
---
 plinth/modules/backups/forms.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/plinth/modules/backups/forms.py b/plinth/modules/backups/forms.py
index c00d32d64..7b382f607 100644
--- a/plinth/modules/backups/forms.py
+++ b/plinth/modules/backups/forms.py
@@ -292,7 +292,8 @@ class VerifySshHostkeyForm(forms.Form):
         keyscan = subprocess.run(['ssh-keyscan', hostname],
                                  stdout=subprocess.PIPE,
                                  stderr=subprocess.PIPE, check=False)
-        keys = keyscan.stdout.decode().splitlines()
+        key_lines = keyscan.stdout.decode().splitlines()
+        keys = [line for line in key_lines if not line.startswith('#')]
         error_message = keyscan.stderr.decode() if keyscan.returncode else None
         # Generate user-friendly fingerprints of public keys
         keygen = subprocess.run(['ssh-keygen', '-l', '-f', '-'],