Beispiel #1
def can_connect_passwordless(hostname):
    """
    Report whether this host can SSH to ``hostname`` without a password.

    ssh is started with ``BatchMode=yes`` so that it fails instead of
    prompting. The only outcome reported as ``False`` is exit status 255
    combined with a ``Permission denied`` or ``Host key verification
    failed.`` line on stderr. Hosts for which ``needs_ssh`` is false are
    not probed and yield ``True``.

    NOTE(review): every other result also yields ``True``, including an exit
    status of 255 with stderr text this check does not recognise. Callers
    should not read ``True`` as proof that key-based login works.
    """
    # Local hosts (as decided by needs_ssh) are never probed.
    if not remoto.backends.needs_ssh(hostname):
        return True

    failure_markers = (
        'Permission denied ',
        'Host key verification failed.',
    )
    logger = logging.getLogger(hostname)
    with get_local_connection(logger) as conn:
        # BatchMode=yes disables password prompts; 'true' is the remote
        # command, so a successful login returns straight away.
        # NOTE(review): hostname is a positional ssh argument; callers should
        # make sure it cannot start with '-', which ssh would read as an
        # option.
        command = ['ssh', '-CT', '-o', 'BatchMode=yes', hostname, 'true']
        out, err, retval = remoto.process.check(
            conn, command, stop_on_error=False
        )
        has_key_error = any(
            marker in line for line in err for marker in failure_markers
        )

        if has_key_error and retval == 255:
            return False
    return True
Beispiel #2
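def can_connect_passwordless(hostname):
    """
    Report whether this host can SSH to ``hostname`` without a password.

    ssh is started with ``BatchMode=yes`` so that it fails instead of
    prompting. ``False`` is returned when ssh exits with status 255 and
    stderr carries a ``Permission denied`` or ``Host key verification
    failed.`` line. Hosts for which ``needs_ssh`` is false are not probed
    and yield ``True``.

    NOTE(review): any other failure still yields ``True``, so callers should
    not read ``True`` as proof that key-based login works.
    """
    # Ensure we are not doing this for local hosts
    if not needs_ssh(hostname):
        return True

    logger = logging.getLogger(hostname)
    with get_local_connection(logger) as conn:
        # Check to see if we can login, disabling password prompts. The
        # trailing 'true' is the remote command, so a successful login
        # returns straight away instead of starting a login shell.
        # NOTE(review): hostname is a positional ssh argument; callers should
        # make sure it cannot start with '-', which ssh would read as an
        # option.
        command = ['ssh', '-CT', '-o', 'BatchMode=yes', hostname, 'true']
        out, err, retval = process.check(conn, command, stop_on_error=False)
        # Match the prefix only: the parenthesised list of authentication
        # methods differs between servers, so requiring the exact text
        # '(publickey,password)' let other denials be reported as success.
        permission_denied_error = 'Permission denied '
        # An unknown or changed host key also makes the batch login fail.
        host_key_verify_error = 'Host key verification failed.'
        has_key_error = any(
            permission_denied_error in line or host_key_verify_error in line
            for line in err
        )

        if retval == 255 and has_key_error:
            return False
    return True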
Beispiel #3
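def ssh_copy_keys(hostname, username=None):
    """
    Set up passwordless SSH from the local user to ``hostname``.

    Returns at once when ``ssh.can_connect_passwordless`` reports success.
    Otherwise a local RSA key pair is created if ``~/.ssh/id_rsa`` is
    missing, and the public key is appended to ``.ssh/authorized_keys`` on
    the remote host. Nothing is installed when that remote file does not
    exist; only a warning is logged.

    NOTE(review): the appended key gives the local account standing access
    to the remote account without a password, so this should only run
    against hosts that are meant to trust it.
    """
    LOG.info("making sure passwordless SSH succeeds")
    if ssh.can_connect_passwordless(hostname):
        return

    LOG.warning("could not connect via SSH")

    # Create the key if it doesn't exist:
    id_rsa_pub_file = os.path.expanduser(u"~/.ssh/id_rsa.pub")
    # Drop only the trailing ".pub"; split(".pub")[0] would cut the path
    # short if the home directory itself contained ".pub".
    id_rsa_file = id_rsa_pub_file[:-len(".pub")]
    if not os.path.exists(id_rsa_file):
        LOG.info("creating a passwordless id_rsa.pub key file")
        with get_local_connection(LOG) as conn:
            # NOTE(review): -N "" leaves the private key without a
            # passphrase, so the file permissions on ~/.ssh are its only
            # protection. No key size is requested, so ssh-keygen's default
            # for the installed version applies.
            remoto.process.run(
                conn,
                ["ssh-keygen", "-t", "rsa", "-N", "", "-f", id_rsa_file],
            )

    # Get the contents of id_rsa.pub and push it to the host
    LOG.info("will connect again with password prompt")
    distro = hosts.get(hostname, username)  # XXX Add username
    try:
        # Relative path; presumably resolved from the remote user's home
        # directory - confirm against remote_module.
        auth_keys_path = ".ssh/authorized_keys"
        if not distro.conn.remote_module.path_exists(auth_keys_path):
            distro.conn.logger.warning(
                ".ssh/authorized_keys does not exist, will skip adding keys"
            )
        else:
            LOG.info("adding public keys to authorized_keys")
            with open(id_rsa_pub_file, "r") as id_rsa:
                contents = id_rsa.read()
            distro.conn.remote_module.append_to_file(auth_keys_path, contents)
    finally:
        # Close the remote connection even when reading the key or the
        # append fails, so no session is left open.
        distro.conn.exit()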
Beispiel #4
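def ssh_copy_keys(hostname, username=None):
    """
    Set up passwordless SSH from the local user to ``hostname``.

    Returns at once when ``ssh.can_connect_passwordless`` reports success.
    Otherwise a local RSA key pair is created if ``~/.ssh/id_rsa`` is
    missing, and the public key is appended to ``.ssh/authorized_keys`` on
    the remote host. Nothing is installed when that remote file does not
    exist; only a warning is logged.

    NOTE(review): the appended key gives the local account standing access
    to the remote account without a password, so this should only run
    against hosts that are meant to trust it.
    """
    LOG.info('making sure passwordless SSH succeeds')
    if ssh.can_connect_passwordless(hostname):
        return

    LOG.warning('could not connect via SSH')

    # Create the key if it doesn't exist:
    id_rsa_pub_file = os.path.expanduser(u'~/.ssh/id_rsa.pub')
    # Drop only the trailing '.pub'; split('.pub')[0] would cut the path
    # short if the home directory itself contained '.pub'.
    id_rsa_file = id_rsa_pub_file[:-len('.pub')]
    if not os.path.exists(id_rsa_file):
        LOG.info('creating a passwordless id_rsa.pub key file')
        with get_local_connection(LOG) as conn:
            # NOTE(review): -N "" leaves the private key without a
            # passphrase, so the file permissions on ~/.ssh are its only
            # protection. No key size is requested, so ssh-keygen's default
            # for the installed version applies.
            remoto.process.run(
                conn,
                [
                    'ssh-keygen',
                    '-t',
                    'rsa',
                    '-N',
                    "",
                    '-f',
                    id_rsa_file,
                ]
            )

    # Get the contents of id_rsa.pub and push it to the host
    LOG.info('will connect again with password prompt')
    distro = hosts.get(hostname, username, detect_sudo=False)
    try:
        # Relative path; presumably resolved from the remote user's home
        # directory - confirm against remote_module.
        auth_keys_path = '.ssh/authorized_keys'
        if not distro.conn.remote_module.path_exists(auth_keys_path):
            distro.conn.logger.warning(
                '.ssh/authorized_keys does not exist, will skip adding keys'
            )
        else:
            LOG.info('adding public keys to authorized_keys')
            with open(id_rsa_pub_file, 'r') as id_rsa:
                contents = id_rsa.read()
            distro.conn.remote_module.append_to_file(
                auth_keys_path,
                contents
            )
    finally:
        # Close the remote connection even when reading the key or the
        # append fails, so no session is left open.
        distro.conn.exit()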
Beispiel #5
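def ssh_copy_keys(hostname, username=None):
    """
    Set up passwordless SSH from the local user to ``hostname``.

    Returns at once when ``ssh.can_connect_passwordless`` reports success.
    Otherwise a local RSA key pair is created if ``~/.ssh/id_rsa`` is
    missing, and the public key is appended to ``.ssh/authorized_keys`` on
    the remote host. Nothing is installed when that remote file does not
    exist; only a warning is logged.

    NOTE(review): the appended key gives the local account standing access
    to the remote account without a password, so this should only run
    against hosts that are meant to trust it.
    """
    LOG.info('making sure passwordless SSH succeeds')
    if ssh.can_connect_passwordless(hostname):
        return

    LOG.warning('could not connect via SSH')

    # Create the key if it doesn't exist:
    id_rsa_pub_file = os.path.expanduser(u'~/.ssh/id_rsa.pub')
    # Drop only the trailing '.pub'; split('.pub')[0] would cut the path
    # short if the home directory itself contained '.pub'.
    id_rsa_file = id_rsa_pub_file[:-len('.pub')]
    if not os.path.exists(id_rsa_file):
        LOG.info('creating a passwordless id_rsa.pub key file')
        with get_local_connection(LOG) as conn:
            # NOTE(review): -N "" leaves the private key without a
            # passphrase, so the file permissions on ~/.ssh are its only
            # protection. No key size is requested, so ssh-keygen's default
            # for the installed version applies.
            remoto.process.run(
                conn,
                [
                    'ssh-keygen',
                    '-t',
                    'rsa',
                    '-N',
                    "",
                    '-f',
                    id_rsa_file,
                ]
            )

    # Get the contents of id_rsa.pub and push it to the host
    LOG.info('will connect again with password prompt')
    distro = hosts.get(hostname, username)  # XXX Add username
    try:
        # Relative path; presumably resolved from the remote user's home
        # directory - confirm against remote_module.
        auth_keys_path = '.ssh/authorized_keys'
        if not distro.conn.remote_module.path_exists(auth_keys_path):
            distro.conn.logger.warning(
                '.ssh/authorized_keys does not exist, will skip adding keys'
            )
        else:
            LOG.info('adding public keys to authorized_keys')
            with open(id_rsa_pub_file, 'r') as id_rsa:
                contents = id_rsa.read()
            distro.conn.remote_module.append_to_file(
                auth_keys_path,
                contents
            )
    finally:
        # Close the remote connection even when reading the key or the
        # append fails, so no session is left open.
        distro.conn.exit()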