def __ssh_private_key_check(self):
prvfile = self.get_config('ssh_keys')
pubfile = "%s.pub" % prvfile
prv = None
if not os.path.exists(prvfile):
try:
self.log_info("generating %s" % prvfile)
prv = RSAKey.generate(bits=1024)
prv.write_private_key_file(prvfile)
except Exception as e:
self.log_critical("error: %s" % e)
raise
if not os.path.exists(pubfile):
try:
self.log_info("generating %s" % pubfile)
pub = RSAKey(filename=prvfile)
with open(pubfile, 'w') as f:
f.write("%s %s" % (pub.get_name(), pub.get_base64()))
except Exception as e:
self.log_critical("error: %s" % e)
raise
if not prv:
prv = RSAKey(filename=prvfile)
self.ssh_host_key = prv
self.ssh_host_hash = paramiko.py3compat.u(
hexlify(prv.get_fingerprint()))
self.log_info("SSH fingerprint: %s" % self.ssh_host_hash)
def generate_key_pair(
cls,
filename: str,
bits: int = 2048,
passphrase: str = None,
comment: str = None,
):
"""Generate RSA key pair.
:param filename: name of private key file
:param bits: length of RSA key
:param passphrase: passphrase of the RSA key
:param comment: comment for RSA key
"""
priv = RSAKey.generate(bits=bits)
priv.write_private_key_file(filename, password=passphrase)
pub = RSAKey(filename=filename, password=passphrase)
logger.info(f"generated RSA key pair: {filename}")
with open(f"{filename}.pub", "w") as f:
f.write(f"{pub.get_name()} {pub.get_base64()}")
if comment:
f.write(f" {comment}")
hash = u(hexlify(pub.get_fingerprint()))
fingerprint = ":".join([hash[i:2 + i] for i in range(0, len(hash), 2)])
logger.info(f"fingerprint: {bits} {fingerprint} {filename}.pub (RSA)")
return fingerprint
def compute_fingerprint(self):
data = base64.b64decode(self.key)
if self.key_type == "ssh-rsa":
pkey = RSAKey(data=data)
elif self.key_type == "ssh-dss":
pkey = DSSKey(data=data)
return ":".join(re.findall(r"..", hexlify(pkey.get_fingerprint())))
def compute_fingerprint(self):
data = base64.b64decode(self.key)
if self.key_type == "ssh-rsa":
pkey = RSAKey(data=data)
elif self.key_type == "ssh-dss":
pkey = DSSKey(data=data)
return ":".join(re.findall(r"..", hexlify(pkey.get_fingerprint())))
def dehydrate(self, bundle):
if bundle.obj.key_type == "ssh-rsa":
key = RSAKey(data=base64.b64decode(bundle.obj.public_key))
elif bundle.obj.key_type == "ssh-dss":
key = DSSKey(data=base64.b64decode(bundle.obj.public_key))
elif bundle.obj.key_type.startswith("ecdsa"):
key = ECDSAKey(data=base64.b64decode(bundle.obj.public_key))
else:
raise HydrationError("Unknown key type: %s" %
bundle.object.key_type)
bundle.data['fingerprint'] = u(hexlify(key.get_fingerprint()))
return bundle
def dehydrate(self, bundle):
if bundle.obj.key_type == "ssh-rsa":
key = RSAKey(data=base64.b64decode(bundle.obj.public_key))
elif bundle.obj.key_type == "ssh-rsa":
key = DSSKey(data=base64.b64decode(bundle.obj.public_key))
elif bundle.obj.key_type.startswith("ecdsa"):
key = ECDSAKey(data=base64.b64decode(bundle.obj.public_key))
else:
raise HydrationError(
"Unknown key type: %s" % bundle.object.key_type
)
bundle.data['fingerprint'] = u(hexlify(key.get_fingerprint()))
return bundle
def generate_fingerprint(key):
fingerprint = None
_type, _key, _name = split_ssh_key(key)
try:
if _type == "ssh-rsa":
_key = RSAKey(data=decodestring(_key))
elif _type == "ssh-dss":
_key = DSSKey(data=decodestring(_key))
else:
return fingerprint
hash = hexlify(_key.get_fingerprint())
fingerprint = ":".join([hash[i : 2 + i] for i in range(0, len(hash), 2)])
except SSHException as e:
# Invalid key
# raise ValueError(str(e))
return None
except Error:
# Incorrect padding
# report "Invalid key" error to user
# raise ValueError("Invalid key")
return None
return fingerprint
def generate_fingerprint(key):
fingerprint = None
_type, _key, _name = split_ssh_key(key)
try:
if _type == 'ssh-rsa':
_key = RSAKey(data=decodestring(_key))
elif _type == 'ssh-dss':
_key = DSSKey(data=decodestring(_key))
else:
return fingerprint
hash = hexlify(_key.get_fingerprint())
fingerprint = ":".join([hash[i:2 + i] for i in range(0, len(hash), 2)])
except SSHException as e:
# Invalid key
# raise ValueError(str(e))
return None
except Error:
# Incorrect padding
# report "Invalid key" error to user
# raise ValueError("Invalid key")
return None
return fingerprint
