[Bug]: step ssh inspect crashes when asked about a symlink to a *.pub file

[rwv37]

Steps to Reproduce

Make a *.pub SSH file. Make a symlink to it. Use step ssh inspect, specifying the symlink.

Your Environment

• OS - FreeBSD 14.0-RELEASE-p6 amd64
• step-ca Version - 0.26.0

Expected Behavior

I expected it to show information about the *.pub file.

Actual Behavior

It crashes. Stack trace:

illegal base64 data at input byte 0
error parsing ssh certificate
github.com/smallstep/cli/command/ssh.inspectAction
        github.com/smallstep/cli/command/ssh/inspect.go:92
github.com/smallstep/cli/command/ssh.init.0.inspectCommand.ActionFunc.func3
        go.step.sm/[email protected]/command/command.go:37
github.com/urfave/cli.HandleAction
        github.com/urfave/[email protected]/app.go:522
github.com/urfave/cli.Command.Run
        github.com/urfave/[email protected]/command.go:175
github.com/urfave/cli.(*App).RunAsSubcommand
        github.com/urfave/[email protected]/app.go:405
github.com/urfave/cli.Command.startApp
        github.com/urfave/[email protected]/command.go:380
github.com/urfave/cli.Command.Run
        github.com/urfave/[email protected]/command.go:103
github.com/urfave/cli.(*App).Run
        github.com/urfave/[email protected]/app.go:277
main.main
        github.com/smallstep/cli/cmd/step/main.go:124
runtime.main
        runtime/proc.go:267
runtime.goexit
        runtime/asm_amd64.s:1650

Additional Context

It works fine if I specify the actual *.pub file rather than the symlink to it.

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

[marten-seemann]

I was unable to reproduce this failure. Here's what I did:

ssh-keygen -f mykey # creates mykey and mykey.pub
ssh-keygen -s mykey -I 1234 mykey.pub # creates mykey-cert.pub
ln -s mykey-cert.pub mykey-cert-symlink.pub

Both step ssh inspect mykey-cert.pub and step ssh inspect mykey-cert-symlink.pub work, and generate the same output. I tried this on both macOS and on Ubuntu.

@rwv37 Can you check if it works for you with these commands? This could be a FreeBSD-specific problem, but I'd have to set up a virtual machine to debug this further, so I'd like to check this first. If it does work, can you share how you create *.pub SSH file that leads to the crash?

[hslatman]

@marten-seemann also try this, which is doing a slightly different thing (operating on the key, instead of the cert)

$ ln -s mykey.pub mykey-symlink.pub
$ step ssh inspect mykey.pub
error decoding ssh certificate: *ssh.rsaPublicKey is not an *ssh.Certificate
exit status 1

That is expected behavior, currently. It would be nice to print SSH public key info, but that's a different issue.

@rwv37 can you verify that the contents of the .pub are the same if you read them directly and when through the symlink?