Skip to content

Sanitize SSH key whitespace to prevent validation errors #16179

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
joeywashburn wants to merge 1 commit into
base: devel
Choose a base branch
from
Open

Sanitize SSH key whitespace to prevent validation errors #16179

joeywashburn wants to merge 1 commit into from

Conversation

@joeywashburn
Copy link

@joeywashburn joeywashburn commented Nov 15, 2025

Strip leading and trailing whitespace from SSH keys in validate_ssh_private_key() to handle common copy-paste scenarios where hidden newlines cause base64 decoding failures.

Problem

Users encounter confusing HTTP 500 errors when creating credentials with SSH keys that contain hidden newline characters from copy-paste operations. The error manifests as binascii.Error: Incorrect padding in server logs, but users only see a generic 500 error.

Changes

  • Added data.strip() in validate_ssh_private_key() before calling validate_pem() (awx/main/validators.py:185)
  • Added test_ssh_key_with_whitespace() to verify keys with leading/trailing newlines are properly sanitized and validated (awx/main/tests/unit/test_validators.py:135-151)

Testing

  • All existing validator tests pass (48 tests)
  • New test verifies SSH keys with leading/trailing whitespace are accepted
  • Invalid keys are still properly rejected (validated with existing tests)

Impact

This prevents the confusing "HTTP 500: Internal Server Error" when users paste SSH keys with accidental whitespace, improving the user experience without weakening validation.

Fixes #14219

@joeywashburn
Sanitize SSH key whitespace to prevent validation errors
6aeb048 
Strip leading and trailing whitespace from SSH keys in validate_ssh_private_key()
to handle common copy-paste scenarios where hidden newlines cause base64 decoding
failures.

Changes:
- Added data.strip() in validate_ssh_private_key() before calling validate_pem()
- Added test_ssh_key_with_whitespace() to verify keys with leading/trailing
  newlines are properly sanitized and validated

This prevents the confusing "HTTP 500: Internal Server Error" and
"binascii.Error: Incorrect padding" errors when users paste SSH keys with
accidental whitespace.

Fixes ansible#14219

Signed-off-by: Joey Washburn <[email protected]>
@joeywashburn joeywashburn force-pushed the fix-ssh-key-whitespace branch from 532137e to 6aeb048 Compare November 15, 2025 02:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

community component:api

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

AWX Credential Create: ssh_key_data fails to detect/sanitize newlines in keys and 500's with no useable output

1 participant

@joeywashburn