def set(self, timestamp=None):
# ensure directory for timestamp exists
fs.create_dir(remote.path.dirname(self.rpath), 0o755)
# update timestamp
fs.touch(self.rpath, timestamp)
# update cached values
if timestamp is not None:
self._current = timestamp
self.synced = True
log.debug('Timestamp {} set to {}'.format(self.rpath, self._current))
def set(self, timestamp=None):
# ensure directory for timestamp exists
fs.create_dir(remote.path.dirname(self.rpath), 0o755)
# update timestamp
fs.touch(self.rpath, timestamp)
# update cached values
if timestamp is not None:
self._current = timestamp
self.synced = True
log.debug('Timestamp {} set to {}'.format(self.rpath, self._current))
def init_authorized_keys(user='******', fix_permissions=True):
ak_file = get_authorized_keys_file(user)
ak_dir = remote.path.dirname(ak_file)
changed = False
# ensure the directory exists
changed |= fs.create_dir(ak_dir, mode=AK_DIR_PERMS).changed
if fix_permissions:
changed |= fs.chmod(ak_dir, AK_DIR_PERMS).changed
# check if the authorized keys file exists
if not remote.lstat(ak_file):
changed |= fs.touch(ak_file).changed
if fix_permissions:
changed |= fs.chmod(ak_file, AK_FILE_PERMS).changed
# at this point, we have fixed permissions for file and dir, as well as
# ensured they exist. however, they might still be owned by root
if changed:
return Changed(ak_file,
msg='Changed permissions or owner on authorized keys')
return Unchanged(
ak_file,
msg='authorized keys file has correct owner and permissions')
def init_authorized_keys(user='******', fix_permissions=True):
ak_file = get_authorized_keys_file(user)
ak_dir = remote.path.dirname(ak_file)
changed = False
# ensure the directory exists
changed |= fs.create_dir(ak_dir, mode=AK_DIR_PERMS).changed
if fix_permissions:
changed |= fs.chmod(ak_dir, AK_DIR_PERMS).changed
changed |= fs.chown(ak_dir, uid=user).changed
# check if the authorized keys file exists
if not remote.lstat(ak_file):
changed |= fs.touch(ak_file).changed
if fix_permissions:
changed |= fs.chmod(ak_file, AK_FILE_PERMS).changed
changed |= fs.chown(ak_dir, uid=user).changed
# at this point, we have fixed permissions for file and dir, as well as
# ensured they exist. however, they might still be owned by root
if changed:
return Changed(ak_file,
msg='Changed permissions or owner on authorized keys')
return Unchanged(
ak_file, msg='authorized keys file has correct owner and permissions')
def regenerate_host_keys(mark='/etc/ssh/host_keys_regenerated'):
if mark:
if remote.lstat(mark):
return Unchanged(msg='Hostkeys have already been regenerated')
key_names = [
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
'/etc/ssh/ssh_host_rsa_key',
'/etc/ssh/ssh_host_dsa_key',
]
def collect_fingerprints():
fps = ''
for key in key_names:
if remote.lstat(key):
fps += proc.run(['ssh-keygen', '-l', '-f', key])[0]
return fps
old_fps = collect_fingerprints()
# remove old keys
for key in key_names:
fs.remove_file(key)
fs.remove_file(key + '.pub')
# generate new ones
proc.run(['dpkg-reconfigure', 'openssh-server'])
# restart openssh
systemd.restart_unit('ssh.service')
new_fps = collect_fingerprints()
# mark host keys as new
fs.touch(mark)
return Changed(
msg='Regenerated SSH host keys.\n'
'Old fingerprints:\n{}\nNew fingerprints:\n{}\n'.format(
util.indent(' ', old_fps), util.indent(' ', new_fps)))
def regenerate_host_keys(mark='/etc/ssh/host_keys_regenerated'):
if mark:
if remote.lstat(mark):
return Unchanged(msg='Hostkeys have already been regenerated')
key_names = [
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
'/etc/ssh/ssh_host_rsa_key',
'/etc/ssh/ssh_host_dsa_key',
]
def collect_fingerprints():
fps = ''
for key in key_names:
if remote.lstat(key):
fps += proc.run(['ssh-keygen', '-l', '-f', key])[0]
return fps
old_fps = collect_fingerprints()
# remove old keys
for key in key_names:
fs.remove_file(key)
fs.remove_file(key + '.pub')
# generate new ones
proc.run(['dpkg-reconfigure', 'openssh-server'])
# restart openssh
systemd.restart_unit('ssh.service')
new_fps = collect_fingerprints()
# mark host keys as new
fs.touch(mark)
return Changed(
msg='Regenerated SSH host keys.\n'
'Old fingerprints:\n{}\nNew fingerprints:\n{}\n'.format(
util.indent(' ', old_fps), util.indent(' ', new_fps)))
