6:49 p.m.
From: Daniel Henrique Barboza <danielhb(a)linux.vnet.ibm.com>
Running ssh-keygen as root (or with sudo) will always generated
a ssh-key binded to the user 'root' under /root/.ssh dir. This
patch makes the following changes in the ssh-key generation
process when the user is not 'root':
- ssh-keygen now always generate the key under /home/<user>/.ssh
- the generated .pub file is edited, changing 'root@...' to
'user@...'
- file permissions are changed accordingly to the new generated
key files (both private and public).
Signed-off-by: Daniel Henrique Barboza <danielhb(a)linux.vnet.ibm.com>
---
model/vms.py | 44 ++++++++++++++++++++++++++++++--------------
1 file changed, 30 insertions(+), 14 deletions(-)
diff --git a/model/vms.py b/model/vms.py
index 209b41b..b702fe1 100644
--- a/model/vms.py
+++ b/model/vms.py
@@ -23,6 +23,7 @@ import lxml.etree as ET
import os
import paramiko
import platform
+import pwd
import random
import socket
import subprocess
@@ -1757,26 +1758,41 @@ class VMModel(object):
ssh_port = 22
ssh_client = None
- def create_root_ssh_key_if_required():
- if not os.path.isfile(id_rsa_pub_file):
-
- with open("/dev/zero") as zero_input:
- cmd = ['ssh-keygen', '-q', '-N', '',
'-f', id_rsa_file]
- proc = subprocess.Popen(
- cmd,
- stdin=zero_input,
- stdout=open(os.devnull, 'wb')
- )
- out, err = proc.communicate()
- if not os.path.isfile(id_rsa_pub_file):
- raise OperationFailed("KCHVM0070E")
-
def read_id_rsa_pub_file():
data = None
with open(id_rsa_pub_file, "r") as id_file:
data = id_file.read()
return data
+ def create_root_ssh_key_if_required():
+ if os.path.isfile(id_rsa_pub_file):
+ return
+
+ with open("/dev/zero") as zero_input:
+ cmd = ['ssh-keygen', '-q', '-N', '',
'-f', id_rsa_file]
+ proc = subprocess.Popen(
+ cmd,
+ stdin=zero_input,
+ stdout=open(os.devnull, 'wb')
+ )
+ out, err = proc.communicate()
+
+ if not os.path.isfile(id_rsa_pub_file):
+ raise OperationFailed("KCHVM0070E")
+
+ if user is not 'root':
+ id_rsa_content = read_id_rsa_pub_file()
+ updated_content = id_rsa_content.replace(
+ ' root@', ' %s@' % user
+ )
+ with open(id_rsa_pub_file, 'w+') as f:
+ f.write(updated_content)
+
+ user_uid = pwd.getpwnam(user).pw_uid
+ user_gid = pwd.getpwnam(user).pw_gid
+ os.chown(id_rsa_pub_file, user_uid, user_gid)
+ os.chown(id_rsa_file, user_uid, user_gid)
+
def get_ssh_client(remote_host, user, passwd):
ssh_client = paramiko.SSHClient()
ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
--
2.7.4