Skip to content

Sanitize SSH key whitespace to prevent validation errors #16179

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
joeywashburn wants to merge 1 commit into
base: devel
Choose a base branch
from
Open

Sanitize SSH key whitespace to prevent validation errors #16179

joeywashburn wants to merge 1 commit into from

Conversation

@joeywashburn
Copy link

@joeywashburn joeywashburn commented Nov 15, 2025
edited by tvo318
Loading

Strip leading and trailing whitespace from SSH keys in validate_ssh_private_key() to handle common copy-paste scenarios where hidden newlines cause base64 decoding failures.

Problem

Users encounter confusing HTTP 500 errors when creating credentials with SSH keys that contain hidden newline characters from copy-paste operations. The error manifests as binascii.Error: Incorrect padding in server logs, but users only see a generic 500 error.

ISSUE TYPE
  • Bug, Docs Fix or other nominal change

Changes

  • Added data.strip() in validate_ssh_private_key() before calling validate_pem() (awx/main/validators.py:185)
  • Added test_ssh_key_with_whitespace() to verify keys with leading/trailing newlines are properly sanitized and validated (awx/main/tests/unit/test_validators.py:135-151)

Testing

  • All existing validator tests pass (48 tests)
  • New test verifies SSH keys with leading/trailing whitespace are accepted
  • Invalid keys are still properly rejected (validated with existing tests)

Impact

This prevents the confusing "HTTP 500: Internal Server Error" when users paste SSH keys with accidental whitespace, improving the user experience without weakening validation.

Fixes #14219
@joeywashburn joeywashburn force-pushed the fix-ssh-key-whitespace branch from 532137e to 6aeb048 Compare November 15, 2025 02:17
@jessicamack jessicamack force-pushed the fix-ssh-key-whitespace branch from 6aeb048 to 718bd39 Compare January 15, 2026 16:43
@tvo318 tvo318 force-pushed the fix-ssh-key-whitespace branch from 718bd39 to 6145b18 Compare January 15, 2026 16:50
@tvo318
Copy link
Member

tvo318 commented Jan 15, 2026

Thanks for your contribution, @joeywashburn. There is a failed CI check that I've cleared by adding the issue type information.
@joeywashburn @jessicamack
Sanitize SSH key whitespace to prevent validation errors
b83daed 
Strip leading and trailing whitespace from SSH keys in validate_ssh_private_key()
to handle common copy-paste scenarios where hidden newlines cause base64 decoding
failures.

Changes:
- Added data.strip() in validate_ssh_private_key() before calling validate_pem()
- Added test_ssh_key_with_whitespace() to verify keys with leading/trailing
  newlines are properly sanitized and validated

This prevents the confusing "HTTP 500: Internal Server Error" and
"binascii.Error: Incorrect padding" errors when users paste SSH keys with
accidental whitespace.

Fixes ansible#14219

Signed-off-by: Joey Washburn <joey@joeywashburn.com>
@jessicamack jessicamack force-pushed the fix-ssh-key-whitespace branch from 6145b18 to b83daed Compare January 21, 2026 14:25
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 21, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

community component:api

2 participants

@joeywashburn @tvo318