proftpd公钥Comment超长问题

使用proftpd提供sftp服务时，若选择publickey认证方式，当公钥文件中的Comment所在行内容超过74字节时，会使登录时证书认证方式失败。

登录失败时的proftpd日志示例如下：

2017-12-06 20:30:58,324 mod_sftp/0.9.9[1591]: line too long (74) on line 1 of '/usr/proftpd-1.3.5/etc/authorized_keys/app' 2017-12-06 20:30:58,324 mod_sftp/0.9.9[1591]: Make sure that '/usr/proftpd-1.3.5/etc/authorized_keys/app' is a RFC4716 formatted key 2017-12-06 20:30:58,324 mod_sftp/0.9.9[1591]: error base64-decoding key data in '/usr/proftpd-1.3.5/etc/authorized_keys/app' 2017-12-06 20:30:58,324 mod_sftp/0.9.9[1591]: error comparing keys from '/usr/proftpd-1.3.5/etc/authorized_keys/app': Invalid argument 2017-12-06 20:30:58,325 mod_sftp/0.9.9[1591]: sending userauth failure; remaining userauth methods: password

proftpd文档中关于以上问题的说明如下：

Question: I followed the instructions to convert my authorized keys from OpenSSH to RFC4716 format, yet I see the following error in my SFTPLog: mod_sftp/0.9.7[31050]: line too long (74) on line 1 of 'authorized_keys' What can I do to fix this? Answer: OpenSSH's ssh-keygen tool had a bug where the RFC4716 keys it would generate might not comply to the RFC; see the OpenSSH bug filed for this issue. Chances are that the offending line in the RFC4716 key is a "Comment: " header that is too long. Simply delete that "Comment: " line; the mod_sftp ignores this header.

http://www.proftpd.org/docs/contrib/mod_sftp.html

解决办法：

若Comment所在行内容超过74个字节，则需要将该行内容删除，或删除“Comment: "..."”中的描述内容，使该行内容减少至小于等于74个字节。

示例：“Comment: "1024-bit RSA, converted from OpenSSH by app@localhost.localdomain"”内容超为76个字节，则将该行内容删除，或使该行内容小于等于74个字节，如修改为“Comment: "1024-bit RSA, converted from OpenSSH by app@localhost.localdoma"”。