def __str__(self):
    """Render the failed remote command as a readable, multi-line message.

    The first line holds the command and its exit status, followed by
    ``self.meaning`` when it is set. Non-empty ``self.stdout`` and
    ``self.stderr`` are appended on their own lines, in that order, after
    being passed through ``util.indent``.
    """
    # Each argument is shell-quoted so that arguments containing spaces or
    # shell metacharacters stay distinguishable in the rendered command.
    quoted_cmd = ' '.join(map(shlex_quote, self.args))
    parts = [
        'Remote command "{}" exited ({})'.format(quoted_cmd, self.returncode),
    ]
    if self.meaning:
        parts.append(': ' + self.meaning)
    # NOTE(review): stdout/stderr are output of the remote command and are
    # only passed through util.indent here; whether control characters are
    # filtered depends on util.indent -- confirm before this message is
    # written to a terminal or a log.
    for captured in (self.stdout, self.stderr):
        if captured:
            parts.append('\n' + util.indent(' ', captured))
    return ''.join(parts)
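def regenerate_host_keys(mark='/etc/ssh/host_keys_regenerated'):
    """Replace the SSH host keys of the remote host, at most once per marker.

    If ``mark`` is set and that path already exists on the remote, nothing is
    done. Otherwise the known host key files (private and ``.pub``) are
    removed, ``dpkg-reconfigure openssh-server`` is run to create new ones,
    ``ssh.service`` is restarted and the marker file is touched.

    Args:
        mark: Path of the marker file that records a completed regeneration.
            A falsy value disables both the "already done" check and the
            creation of the marker, so the keys are regenerated on every call.

    Returns:
        ``Unchanged`` when the marker already exists, otherwise ``Changed``
        with the old and new key fingerprints in its message.
    """
    if mark and remote.lstat(mark):
        return Unchanged(msg='Hostkeys have already been regenerated')

    key_names = [
        '/etc/ssh/ssh_host_ecdsa_key',
        '/etc/ssh/ssh_host_ed25519_key',
        '/etc/ssh/ssh_host_rsa_key',
        '/etc/ssh/ssh_host_dsa_key',
    ]

    def collect_fingerprints():
        """Return the joined ``ssh-keygen -l`` output of the keys that exist."""
        # Key types that are not present are skipped, so the old and the new
        # listing need not contain the same set of key types.
        return ''.join(
            proc.run(['ssh-keygen', '-l', '-f', key])[0]
            for key in key_names
            if remote.lstat(key))

    old_fps = collect_fingerprints()

    # Remove the old private and public keys.
    # NOTE(review): from here until dpkg-reconfigure has finished the host has
    # no host keys; if a step below fails the marker is never written, so a
    # later run starts over -- presumably proc.run raises on failure, confirm.
    for key in key_names:
        fs.remove_file(key)
        fs.remove_file(key + '.pub')

    # Generate new keys.
    proc.run(['dpkg-reconfigure', 'openssh-server'])

    # Restart sshd.
    systemd.restart_unit('ssh.service')

    new_fps = collect_fingerprints()

    # Record that the keys are new. The guard mirrors the check at the top:
    # a falsy mark means "no marker file", so there is nothing to touch
    # (the original called fs.touch(mark) even then).
    if mark:
        fs.touch(mark)

    # Clients that pinned the old keys will see a host key mismatch. The
    # fingerprints in the message let an operator update known_hosts against
    # a value obtained from this run instead of accepting the new key blindly.
    return Changed(
        msg='Regenerated SSH host keys.\n'
            'Old fingerprints:\n{}\nNew fingerprints:\n{}\n'.format(
                util.indent(' ', old_fps), util.indent(' ', new_fps)))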