24
DISABLE_ROOT_OPTS="no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command=\"echo \'Please login as the user \\\"$USER\\\" rather than the user \\\"root\\\".\';echo;sleep 10\""
29
def handle(_name,cfg,cloud,log,_args):
24
DISABLE_ROOT_OPTS = "no-port-forwarding,no-agent-forwarding," \
25
"no-X11-forwarding,command=\"echo \'Please login as the user \\\"$USER\\\" " \
26
"rather than the user \\\"root\\\".\';echo;sleep 10\""
29
def handle(_name, cfg, cloud, log, _args):
33
31
# remove the static keys from the pristine image
34
32
if cfg.get("ssh_deletekeys", True):
35
33
for f in glob.glob("/etc/ssh/ssh_host_*key*"):
39
if cfg.has_key("ssh_keys"):
40
40
# if there are keys in cloud-config, use them
42
"rsa_private" : ("/etc/ssh/ssh_host_rsa_key", 0600),
43
"rsa_public" : ("/etc/ssh/ssh_host_rsa_key.pub", 0644),
44
"dsa_private" : ("/etc/ssh/ssh_host_dsa_key", 0600),
45
"dsa_public" : ("/etc/ssh/ssh_host_dsa_key.pub", 0644),
46
"ecdsa_private" : ("/etc/ssh/ssh_host_ecdsa_key", 0600),
47
"ecdsa_public" : ("/etc/ssh/ssh_host_ecdsa_key.pub", 0644),
42
"rsa_private": ("/etc/ssh/ssh_host_rsa_key", 0600),
43
"rsa_public": ("/etc/ssh/ssh_host_rsa_key.pub", 0644),
44
"dsa_private": ("/etc/ssh/ssh_host_dsa_key", 0600),
45
"dsa_public": ("/etc/ssh/ssh_host_dsa_key.pub", 0644),
46
"ecdsa_private": ("/etc/ssh/ssh_host_ecdsa_key", 0600),
47
"ecdsa_public": ("/etc/ssh/ssh_host_ecdsa_key.pub", 0644),
50
for key,val in cfg["ssh_keys"].items():
51
if key2file.has_key(key):
52
util.write_file(key2file[key][0],val,key2file[key][1])
50
for key, val in cfg["ssh_keys"].items():
52
util.write_file(key2file[key][0], val, key2file[key][1])
54
priv2pub = { 'rsa_private':'rsa_public', 'dsa_private':'dsa_public',
55
'ecdsa_private': 'ecdsa_public', }
54
priv2pub = {'rsa_private': 'rsa_public', 'dsa_private': 'dsa_public',
55
'ecdsa_private': 'ecdsa_public', }
57
57
cmd = 'o=$(ssh-keygen -yf "%s") && echo "$o" root@localhost > "%s"'
58
for priv,pub in priv2pub.iteritems():
59
if pub in cfg['ssh_keys'] or not priv in cfg['ssh_keys']: continue
60
pair=(key2file[priv][0], key2file[pub][0])
58
for priv, pub in priv2pub.iteritems():
59
if pub in cfg['ssh_keys'] or not priv in cfg['ssh_keys']:
61
pair = (key2file[priv][0], key2file[pub][0])
61
62
subprocess.call(('sh', '-xc', cmd % pair))
62
63
log.debug("generated %s from %s" % pair)
64
65
# if not, generate them
65
66
for keytype in util.get_cfg_option_list_or_str(cfg, 'ssh_genkeytypes',
66
['rsa', 'dsa', 'ecdsa']):
67
['rsa', 'dsa', 'ecdsa']):
67
68
keyfile = '/etc/ssh/ssh_host_%s_key' % keytype
68
69
if not os.path.exists(keyfile):
69
70
subprocess.call(['ssh-keygen', '-t', keytype, '-N', '',
72
73
util.restorecon_if_possible('/etc/ssh', recursive=True)
75
user = util.get_cfg_option_str(cfg,'user')
76
user = util.get_cfg_option_str(cfg, 'user')
76
77
disable_root = util.get_cfg_option_bool(cfg, "disable_root", True)
77
78
disable_root_opts = util.get_cfg_option_str(cfg, "disable_root_opts",
79
80
keys = cloud.get_public_ssh_keys()
81
if cfg.has_key("ssh_authorized_keys"):
82
if "ssh_authorized_keys" in cfg:
82
83
cfgkeys = cfg["ssh_authorized_keys"]
83
84
keys.extend(cfgkeys)
85
apply_credentials(keys,user,disable_root, disable_root_opts)
86
apply_credentials(keys, user, disable_root, disable_root_opts, log)
88
89
log.warn("applying credentials failed!\n")
90
def apply_credentials(keys, user, disable_root, disable_root_opts=DISABLE_ROOT_OPTS, log=global_log):
92
def apply_credentials(keys, user, disable_root,
93
disable_root_opts=DISABLE_ROOT_OPTS, log=None):
93
96
sshutil.setup_user_keys(keys, user, '', log)
96
99
key_prefix = disable_root_opts.replace('$USER', user)
100
103
sshutil.setup_user_keys(keys, 'root', key_prefix, log)
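Review bot: The new `log=None` default on `apply_credentials` is forwarded unchanged to both `sshutil.setup_user_keys(...)` calls, so a caller that omits `log` now passes `None` where it previously passed `global_log`. Only two lines of the function body are visible here, so unless something between the signature and the first call restores a logger, I would add `if log is None: log = global_log` at the top (assuming `global_log` is still defined in this module). This matters because the call in `handle` appears to be followed only by `log.warn("applying credentials failed!\n")` on error, so a failure here would leave the root-login restriction unapplied with nothing but a warning. Separately, `disable_root_opts.replace('$USER', user)` puts the configured user name into a quoted `command="..."` option without escaping, so a name containing `"` or a newline would change how that option string parses; validating `user` before substitution is worth considering.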