def test_multiple_authorizedkeys_file_multiuser(self, m_getpwnam):
    """Check key resolution for two users sharing one sshd_config.

    AuthorizedKeysFile lists a global file, the per-user pattern
    ``%h/.ssh/authorized_keys2`` and bobby's ``user_keys3`` path. For each
    user the test asserts which file is reported back and that the merged
    content leaves out the key stored in the other user's
    ``authorized_keys2``.
    """
    # NOTE(review): every path here is rooted at a fixed location under
    # /tmp (dir="/tmp", pw_dir='/tmp/home...'). If tmp_path() simply joins
    # its arguments, the test writes key material and an sshd_config to
    # predictable names in a shared, world-writable directory; a per-test
    # temporary root would isolate runs. Confirm against tmp_path().
    bobby = FakePwEnt(pw_name='bobby', pw_dir='/tmp/home2/bobby')
    m_getpwnam.return_value = bobby
    bobby_ssh_dir = "%s/.ssh" % bobby.pw_dir

    # bobby: ~/.ssh/authorized_keys2 holds the rsa key
    bobby_authorized = self.tmp_path('authorized_keys2', dir=bobby_ssh_dir)
    util.write_file(bobby_authorized, VALID_CONTENT['rsa'])

    # bobby: ~/.ssh/user_keys3 holds the dsa key
    bobby_extra = self.tmp_path('user_keys3', dir=bobby_ssh_dir)
    util.write_file(bobby_extra, VALID_CONTENT['dsa'])

    suzie = FakePwEnt(pw_name='suzie', pw_dir='/tmp/home/suzie')
    suzie_ssh_dir = "%s/.ssh" % suzie.pw_dir

    # suzie: ~/.ssh/authorized_keys2 holds her own key.
    # NOTE(review): the VALID_CONTENT key below looks masked by the page's
    # e-mail obfuscation; restore the real key-type name before running.
    suzie_authorized = self.tmp_path('authorized_keys2', dir=suzie_ssh_dir)
    util.write_file(suzie_authorized, VALID_CONTENT['*****@*****.**'])

    # global file (etc/ssh/authorized_keys2 under /tmp) holds the ecdsa key
    global_keys = self.tmp_path('etc/ssh/authorized_keys2', dir="/tmp")
    util.write_file(global_keys, VALID_CONTENT['ecdsa'])

    # sshd_config: global file, then the %h pattern, then bobby's extra file
    sshd_config = self.tmp_path('sshd_config', dir="/tmp")
    config_line = "AuthorizedKeysFile %s %%h/.ssh/authorized_keys2 %s" % (
        global_keys, bobby_extra)
    util.write_file(sshd_config, config_line)

    # First user: bobby.
    reported_fn, entries = ssh_util.extract_authorized_keys(
        bobby.pw_name, sshd_config)
    content = ssh_util.update_authorized_keys(entries, [])

    self.assertEqual(bobby_extra, reported_fn)
    for kind in ('rsa', 'ecdsa', 'dsa'):
        self.assertTrue(VALID_CONTENT[kind] in content)
    # suzie's key must not leak into bobby's view
    self.assertFalse(VALID_CONTENT['*****@*****.**'] in content)

    # Second user: suzie.
    m_getpwnam.return_value = suzie
    reported_fn, entries = ssh_util.extract_authorized_keys(
        suzie.pw_name, sshd_config)
    content = ssh_util.update_authorized_keys(entries, [])

    self.assertEqual(suzie_authorized, reported_fn)
    for kind in ('*****@*****.**', 'ecdsa', 'dsa'):
        self.assertTrue(VALID_CONTENT[kind] in content)
    # bobby's authorized_keys2 content must not leak into suzie's view
    self.assertFalse(VALID_CONTENT['rsa'] in content)
def test_multiple_authorizedkeys_file_local_global2(self, m_getpwnam):
    """Check merging of one global and two explicit per-user key files.

    AuthorizedKeysFile names the global file first, then bobby's
    ``authorized_keys2`` and ``user_keys3`` by full path. The test expects
    ``user_keys3`` to be the reported file and all three keys to appear in
    the merged content.
    """
    # NOTE(review): fixed paths under /tmp (dir="/tmp", pw_dir under /tmp).
    # If tmp_path() simply joins its arguments these are predictable names
    # in a shared, world-writable directory; confirm and prefer a per-test
    # temporary root.
    account = FakePwEnt(pw_name='bobby', pw_dir='/tmp/home2/bobby')
    m_getpwnam.return_value = account
    ssh_dir = "%s/.ssh" % account.pw_dir

    # ~/.ssh/authorized_keys2 holds the rsa key
    local_keys = self.tmp_path('authorized_keys2', dir=ssh_dir)
    util.write_file(local_keys, VALID_CONTENT['rsa'])

    # ~/.ssh/user_keys3 holds the dsa key
    extra_keys = self.tmp_path('user_keys3', dir=ssh_dir)
    util.write_file(extra_keys, VALID_CONTENT['dsa'])

    # etc/ssh/authorized_keys under /tmp holds the ecdsa key
    global_keys = self.tmp_path('etc/ssh/authorized_keys', dir="/tmp")
    util.write_file(global_keys, VALID_CONTENT['ecdsa'])

    # sshd_config lists the three files: global, local, extra
    sshd_config = self.tmp_path('sshd_config', dir="/tmp")
    config_line = "AuthorizedKeysFile %s %s %s" % (
        global_keys, local_keys, extra_keys)
    util.write_file(sshd_config, config_line)

    reported_fn, entries = ssh_util.extract_authorized_keys(
        account.pw_name, sshd_config)
    content = ssh_util.update_authorized_keys(entries, [])

    self.assertEqual(extra_keys, reported_fn)
    for kind in ('rsa', 'ecdsa', 'dsa'):
        self.assertTrue(VALID_CONTENT[kind] in content)
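def handle(name, cfg, cloud, log, _args):
    """Pass each configured user's authorized keys to _pprint_key_entries.

    Args:
        name: Module name; used only in the skip message.
        cfg: Config mapping; read for ``no_ssh_fingerprints`` and
            ``authkey_hash``.
        cloud: Object whose ``distro`` is handed to user normalization.
        log: Logger that receives the skip message.
        _args: Unused.

    Returns:
        None.
    """
    if 'no_ssh_fingerprints' in cfg:
        log.debug(("Skipping module named %s, "
                   "logging of ssh fingerprints disabled"), name)
        # The skip used to be announced but never taken: execution fell
        # through and the keys were still processed. Return so that the
        # opt-out is honoured.
        # NOTE(review): the opt-out is keyed on presence only, so
        # ``no_ssh_fingerprints: false`` also skips; confirm that is the
        # intended meaning.
        return

    # NOTE(review): md5 is the default digest name passed on for the
    # fingerprints. MD5 is collision-prone and current OpenSSH displays
    # SHA256 fingerprints by default, so values produced with this default
    # may not match what an operator compares against. The default is left
    # unchanged here because it alters the output; set ``authkey_hash``
    # explicitly where that matters.
    hash_meth = util.get_cfg_option_str(cfg, "authkey_hash", "md5")
    (users, _groups) = ds.normalize_users_groups(cfg, cloud.distro)
    for (user_name, _cfg) in users.items():
        (key_fn, key_entries) = ssh_util.extract_authorized_keys(user_name)
        _pprint_key_entries(user_name, key_fn, key_entries, hash_meth)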
def handle(name, cfg, cloud, log, _args):
    """Pass each configured user's authorized keys to _pprint_key_entries.

    Returns early, after a debug message, when ``no_ssh_fingerprints`` is
    set to a true value in ``cfg``. Otherwise the digest name is read from
    ``authkey_hash`` (default ``sha256``) and every normalized user is
    processed in turn.
    """
    fingerprints_disabled = util.is_true(
        cfg.get('no_ssh_fingerprints', False))
    if fingerprints_disabled:
        log.debug(("Skipping module named %s, "
                   "logging of SSH fingerprints disabled"), name)
        return

    digest_name = util.get_cfg_option_str(cfg, "authkey_hash", "sha256")
    users, _unused_groups = ug_util.normalize_users_groups(
        cfg, cloud.distro)
    for user_name, _user_cfg in users.items():
        # No sshd_config path is passed, so the helper's default applies.
        key_file, entries = ssh_util.extract_authorized_keys(user_name)
        _pprint_key_entries(user_name, key_file, entries, digest_name)
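def handle(name, cfg, cloud, log, _args):
    """Pass each configured user's authorized keys to _pprint_key_entries.

    Args:
        name: Module name; used only in the skip message.
        cfg: Config mapping; read for ``no_ssh_fingerprints`` and
            ``authkey_hash``.
        cloud: Object whose ``distro`` is handed to user normalization.
        log: Logger that receives the skip message.
        _args: Unused.

    Returns:
        None.
    """
    if 'no_ssh_fingerprints' in cfg:
        log.debug(("Skipping module named %s, "
                   "logging of ssh fingerprints disabled"), name)
        # Previously the function logged the skip and then carried on,
        # so the opt-out had no effect. Stop here instead.
        # NOTE(review): presence of the key alone triggers the skip, even
        # when its value is false; confirm that is intended.
        return

    # NOTE(review): the md5 default yields fingerprints from a
    # collision-prone digest, and current OpenSSH shows SHA256 by default,
    # so operators comparing fingerprints may see mismatched formats. The
    # default is kept because changing it changes the output; override it
    # through ``authkey_hash``.
    hash_meth = util.get_cfg_option_str(cfg, "authkey_hash", "md5")
    (users, _groups) = ds.normalize_users_groups(cfg, cloud.distro)
    for (user_name, _cfg) in users.items():
        (key_fn, key_entries) = ssh_util.extract_authorized_keys(user_name)
        _pprint_key_entries(user_name, key_fn, key_entries, hash_meth)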
def execute_and_check(
    self, user, sshd_config, solution, keys, delete_keys=True
):
    """Extract ``user``'s authorized keys via ``sshd_config`` and assert.

    NOTE(review): as shown, ``solution``, ``keys`` and ``delete_keys`` are
    never read, and ``fpw`` is not defined inside this function. Unless
    ``fpw`` exists at module level, the first assertion raises NameError.
    The body looks like it came from a different test than the signature;
    confirm against the original file before relying on this helper.
    """
    (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(
        user, sshd_config
    )
    # An empty list is passed as the second argument -- presumably "no
    # additional keys"; verify against update_authorized_keys.
    content = ssh_util.update_authorized_keys(auth_key_entries, [])

    # Expects the reported file to be <pw_dir>/.ssh/authorized_keys.
    self.assertEqual("%s/.ssh/authorized_keys" % fpw.pw_dir, auth_key_fn)
    # The rsa key must be present and the dsa key absent in the content.
    self.assertTrue(VALID_CONTENT['rsa'] in content)
    self.assertFalse(VALID_CONTENT['dsa'] in content)
def test_multiple_authorizedkeys_file_global(self, m_getpwnam):
    """Check the result when AuthorizedKeysFile names only a global file.

    The reported file is expected to be ``<pw_dir>/.ssh/authorized_keys``
    rather than the global path, while the merged content still contains
    the rsa key written to the global file.
    """
    account = FakePwEnt(pw_name='bobby', pw_dir='/tmp/home2/bobby')
    m_getpwnam.return_value = account

    # Global key file (etc/ssh/authorized_keys under /tmp) holds rsa.
    # NOTE(review): dir="/tmp" gives a fixed path if tmp_path() just joins
    # its arguments -- predictable name in a shared, world-writable
    # directory; confirm and prefer a per-test temporary root.
    global_keys = self.tmp_path('etc/ssh/authorized_keys', dir="/tmp")
    util.write_file(global_keys, VALID_CONTENT['rsa'])

    # sshd_config is created without dir=, unlike the key file above.
    sshd_config = self.tmp_path('sshd_config')
    config_line = "AuthorizedKeysFile %s" % (global_keys)
    util.write_file(sshd_config, config_line)

    reported_fn, entries = ssh_util.extract_authorized_keys(
        account.pw_name, sshd_config)
    content = ssh_util.update_authorized_keys(entries, [])

    expected_fn = "%s/.ssh/authorized_keys" % account.pw_dir
    self.assertEqual(expected_fn, reported_fn)
    self.assertTrue(VALID_CONTENT['rsa'] in content)
def test_multiple_authorizedkeys_file_order2(self, m_getpwnam):
    """Check two explicit key files listed as ``user_keys`` then
    ``authorized_keys``.

    The test expects ``user_keys`` to be the reported file and both the
    rsa and dsa keys to appear in the merged content.
    """
    account = FakePwEnt(pw_name='suzie', pw_dir='/home/suzie')
    m_getpwnam.return_value = account

    # authorized_keys holds rsa, user_keys holds dsa
    rsa_file = self.tmp_path('authorized_keys')
    util.write_file(rsa_file, VALID_CONTENT['rsa'])
    dsa_file = self.tmp_path('user_keys')
    util.write_file(dsa_file, VALID_CONTENT['dsa'])

    # user_keys comes first on the AuthorizedKeysFile line
    sshd_config = self.tmp_path('sshd_config')
    config_line = "AuthorizedKeysFile %s %s" % (dsa_file, rsa_file)
    util.write_file(sshd_config, config_line)

    reported_fn, entries = ssh_util.extract_authorized_keys(
        account.pw_name, sshd_config)
    content = ssh_util.update_authorized_keys(entries, [])

    self.assertEqual(dsa_file, reported_fn)
    for kind in ('rsa', 'dsa'):
        self.assertTrue(VALID_CONTENT[kind] in content)