def testAddingSeveralKeysAtOnce(self):
    """Check that a batch of keys is appended and repeated keys are skipped.

    The first call adds three new entries. The second call repeats one of
    them ("bbb") next to two new ones; only the new ones may be appended.
    """
    # Entries the file is expected to hold before the helper runs
    # (presumably written by the test fixture, which is not shown here).
    # The second entry carries command=/from= restrictions, and the
    # assertions below require it to come through byte-for-byte.
    preexisting = (
        "ssh-dss AAAAB3NzaC1w5256closdj32mZaQU root@key-a\n"
        'command="/usr/bin/fooserver -t --verbose",from="198.51.100.4"'
        " ssh-dss AAAAB3NzaC1w520smc01ms0jfJs22 root@key-b\n")

    # NOTE(review): "aaa" is not a well-formed public key line, yet the
    # test expects it to be written out verbatim, so the helper apparently
    # does no format validation; callers have to supply vetted key lines.
    first_batch = ["aaa", "bbb", "ccc"]
    ssh.AddAuthorizedKeys(self.tmpname, first_batch)
    self.assertFileContent(self.tmpname, preexisting + "aaa\nbbb\nccc\n")

    second_batch = ["bbb", "ddd", "eee"]
    ssh.AddAuthorizedKeys(self.tmpname, second_batch)
    self.assertFileContent(self.tmpname,
                           preexisting + "aaa\nbbb\nccc\nddd\neee\n")
Beispiel #2
def UpdateSshRoot(data, dry_run, _homedir_fn=None):
    """Regenerate root's SSH keys and extend root's C{authorized_keys}.

    Unless this is a dry run, new root SSH keys are generated using the key
    type and bit count found in C{data}, and every public key listed in
    C{data} is added to the C{authorized_keys} file of the login user.

    Security note: each key added here is accepted for logins as that user,
    so C{data} has to come from a trusted source (presumably the
    authenticated cluster side; verify against the caller).

    @type data: dict
    @param data: Input data
    @type dry_run: boolean
    @param dry_run: Whether to perform a dry run
    @param _homedir_fn: Passed through unchanged to the SSH helpers

    """
    requested_keys = data.get(constants.SSHS_SSH_AUTHORIZED_KEYS)

    # NOTE(review): mkdir=True is passed even on a dry run; whether that
    # creates a directory depends on GetAllUserFiles - confirm.
    user_files = ssh.GetAllUserFiles(constants.SSH_LOGIN_USER, mkdir=True,
                                     _homedir_fn=_homedir_fn)
    (auth_keys_file, _) = user_files

    if not dry_run:
        key_type = data.get(constants.SSHS_SSH_KEY_TYPE)
        key_bits = data.get(constants.SSHS_SSH_KEY_BITS)
        common.GenerateRootSshKeys(key_type, key_bits,
                                   error_fn=JoinError,
                                   _homedir_fn=_homedir_fn)
    else:
        logging.info("This is a dry run, not replacing the SSH keys.")

    # Nothing was requested for authorized_keys: done.
    if not requested_keys:
        return

    if dry_run:
        logging.info("This is a dry run, not modifying %s", auth_keys_file)
        return

    # The mapping's values are lists of key lines; flatten them into one
    # list before handing them to the helper.
    flattened = []
    for key_list in requested_keys.values():
        flattened.extend(key_list)
    ssh.AddAuthorizedKeys(auth_keys_file, flattened)
  def testAddingNewKeys(self):
    """Check that new keys end up after the entries already in the file.

    One key is added first, then two more in a single call; after each
    step the complete file content is compared.
    """
    # Entries expected to be present before the helper runs (presumably
    # written by the fixture, not shown here). The second one carries
    # command=/from= options that must stay attached to its key.
    preexisting = (
      "ssh-dss AAAAB3NzaC1w5256closdj32mZaQU root@key-a\n"
      'command="/usr/bin/fooserver -t --verbose",from="198.51.100.4"'
      " ssh-dss AAAAB3NzaC1w520smc01ms0jfJs22 root@key-b\n")

    root_key = "ssh-dss AAAAB3NzaC1kc3MAAACB root@test"
    ssh.AddAuthorizedKeys(self.tmpname, [root_key])
    after_first_call = preexisting + "ssh-dss AAAAB3NzaC1kc3MAAACB root@test\n"
    self.assertFileContent(self.tmpname, after_first_call)

    more_keys = [
      "ssh-dss AAAAB3asdfasdfaYTUCB laracroft@test",
      "ssh-dss AasdfliuobaosfMAAACB frodo@test",
      ]
    ssh.AddAuthorizedKeys(self.tmpname, more_keys)
    # New entries are expected in the order they were passed in.
    self.assertFileContent(
      self.tmpname,
      after_first_call +
      "ssh-dss AAAAB3asdfasdfaYTUCB laracroft@test\n"
      "ssh-dss AasdfliuobaosfMAAACB frodo@test\n")
  def testAddingDuplicateKeys(self):
    """Check that a key already in the file is not written a second time.

    The same key is added once through the single-key helper and then
    twice more in one batch; the file must contain it exactly once.
    """
    repeated_key = "ssh-dss AAAAB3NzaC1kc3MAAACB root@test"

    ssh.AddAuthorizedKey(self.tmpname, repeated_key)
    # Both a key that is already in the file and a key repeated within the
    # same batch are expected to be skipped.
    ssh.AddAuthorizedKeys(self.tmpname, [repeated_key, repeated_key])

    expected_content = (
      "ssh-dss AAAAB3NzaC1w5256closdj32mZaQU root@key-a\n"
      'command="/usr/bin/fooserver -t --verbose",from="198.51.100.4"'
      " ssh-dss AAAAB3NzaC1w520smc01ms0jfJs22 root@key-b\n"
      "ssh-dss AAAAB3NzaC1kc3MAAACB root@test\n")
    self.assertFileContent(self.tmpname, expected_content)
Beispiel #5
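def UpdateAuthorizedKeys(data, dry_run, _homedir_fn=None):
    """Updates root's C{authorized_keys} file.

    C{data} may carry an C{(action, keys)} pair, where C{keys} maps to lists
    of public key lines. Depending on the action the keys are added to or
    removed from the C{authorized_keys} file of the login user. Without such
    an entry nothing is changed.

    Security note: every key added here is accepted for logins as that user,
    so C{data} must come from a trusted source (presumably the authenticated
    cluster side; verify against the caller).

    @type data: dict
    @param data: Input data
    @type dry_run: boolean
    @param dry_run: Whether to perform a dry run
    @param _homedir_fn: Passed through unchanged to the SSH helpers
    @raise SshUpdateError: If the requested action is neither add nor remove

    """
    instructions = data.get(constants.SSHS_SSH_AUTHORIZED_KEYS)
    if not instructions:
        logging.info("No change to the authorized_keys file requested.")
        return
    (action, authorized_keys) = instructions

    # NOTE(review): mkdir=True is passed even on a dry run and before the
    # action is validated; whether that creates a directory depends on
    # GetAllUserFiles - confirm.
    (auth_keys_file, _) = \
        ssh.GetAllUserFiles(constants.SSH_LOGIN_USER, mkdir=True,
                            _homedir_fn=_homedir_fn)

    # The mapping's values are lists of key lines; flatten them.
    key_values = []
    for key_value in authorized_keys.values():
        key_values.extend(key_value)

    if action == constants.SSHS_ADD:
        if dry_run:
            logging.info("This is a dry run, not adding keys to %s",
                         auth_keys_file)
        else:
            if not os.path.exists(auth_keys_file):
                # Create the file readable and writable by its owner only.
                # "0o600" is the octal spelling accepted by Python 2.6+ and
                # Python 3 alike; the bare "0600" form is a syntax error on
                # Python 3.
                # NOTE(review): the exists() check and the write are two
                # separate steps; confirm that nothing else can create the
                # path in between, or that WriteFile copes with it.
                utils.WriteFile(auth_keys_file, mode=0o600, data="")
            ssh.AddAuthorizedKeys(auth_keys_file, key_values)
    elif action == constants.SSHS_REMOVE:
        if dry_run:
            logging.info("This is a dry run, not removing keys from %s",
                         auth_keys_file)
        else:
            ssh.RemoveAuthorizedKeys(auth_keys_file, key_values)
    else:
        raise SshUpdateError(
            "Action '%s' not implemented for authorized keys." % action)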
  def testOtherKeyTypes(self):
    """Check adding and removing RSA, Ed25519 and ECDSA key lines.

    All three keys are added in one call, then removed again (Ed25519
    first, then RSA and ECDSA); the file content is compared after the
    addition, after the first removal and at the end.
    """
    rsa_line = "ssh-rsa AAAAimnottypingallofthathere0jfJs22 test@test"
    ed25519_line = ("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOlcZ6cpQTGow0LZECRHWn9"
                    "7Yvn16J5un501T/RcbfuF fast@secure")
    ecdsa_line = ("ecdsa-sha2-nistp256 AAAAE2VjZHNtoolongk/TNhVbEg="
                  " secure@secure")

    def _AsFileContent(lines):
      # One entry per line, with a newline after the last entry as well.
      joined = "\n".join(lines)
      return joined + "\n"

    original_keys = [self.KEY_A, self.KEY_B]

    ssh.AddAuthorizedKeys(self.tmpname, [rsa_line, ed25519_line, ecdsa_line])
    self.assertFileContent(
      self.tmpname,
      _AsFileContent(original_keys + [rsa_line, ed25519_line, ecdsa_line]))

    # Removing one key must leave the others in place and in order.
    ssh.RemoveAuthorizedKey(self.tmpname, ed25519_line)
    self.assertFileContent(
      self.tmpname,
      _AsFileContent(original_keys + [rsa_line, ecdsa_line]))

    ssh.RemoveAuthorizedKey(self.tmpname, rsa_line)
    ssh.RemoveAuthorizedKey(self.tmpname, ecdsa_line)
    # Only the two original keys may remain once every added key has been
    # removed again.
    self.assertFileContent(self.tmpname, _AsFileContent(original_keys))