Reject ssh keys that break gitolite.

Failing test.

Working check.

app/models/key.rb

@@ -18,7 +18,7 @@ class Key < ActiveRecord::Base
   before_save :set_identifier
   before_validation :strip_white_space
   delegate :name, :email, to: :user, prefix: true
-  validate :unique_key
+  validate :unique_key, :fingerprintable_key
 
   def strip_white_space
     self.key = self.key.strip unless self.key.blank?
@@ -32,6 +32,21 @@ class Key < ActiveRecord::Base
     end
   end
 
+  def fingerprintable_key
+    return true unless key # Don't test if there is no key.
+    # `ssh-keygen -lf /dev/stdin <<< "#{key}"` errors with: redirection unexpected
+    file = Tempfile.new('key_file')
+    begin
+      file.puts key
+      file.rewind
+      fingerprint_output = `ssh-keygen -lf #{file.path} 2>&1` # Catch stderr.
+    ensure
+      file.close
+      file.unlink # deletes the temp file
+    end
+    errors.add(:key, "can't be fingerprinted") if fingerprint_output.match("failed")
+  end
+
   def set_identifier
     if is_deploy_key
       self.identifier = "deploy_" + Digest::MD5.hexdigest(key)