def __init__(self):
self._logger = logging.getLogger(__name__)
if disttool.is_redhat_based():
init_script = ('/sbin/service', 'sshd')
elif disttool.is_ubuntu() and disttool.version_info() >= (10, 4):
init_script = ('/usr/sbin/service', 'ssh')
else:
init_script = firstmatched(os.path.exists, ('/etc/init.d/ssh', '/etc/init.d/sshd'))
self._sshd_init = ParametrizedInitScript('sshd', init_script)
bus.on(init=self.on_init)
def __init__(self):
self._logger = logging.getLogger(__name__)
if linux.os.redhat_family:
init_script = ('/sbin/service', 'sshd')
elif linux.os.ubuntu and linux.os['version'] >= (10, 4):
init_script = ('/usr/sbin/service', 'ssh')
else:
init_script = firstmatched(os.path.exists, ('/etc/init.d/ssh', '/etc/init.d/sshd'))
self._sshd_init = ParametrizedInitScript('sshd', init_script)
bus.on(init=self.on_init)
def __init__(self):
self._logger = logging.getLogger(__name__)
if linux.os.redhat_family:
init_script = ('/sbin/service', 'sshd')
elif linux.os.ubuntu and linux.os['version'] >= (10, 4):
init_script = ('/usr/sbin/service', 'ssh')
else:
init_script = firstmatched(os.path.exists, ('/etc/init.d/ssh', '/etc/init.d/sshd'))
self._sshd_init = ParametrizedInitScript('sshd', init_script)
bus.on(init=self.on_init)
class SSHKeys(Handler):
sshd_config_path = '/etc/ssh/sshd_config'
authorized_keys_file = '/root/.ssh/authorized_keys'
_logger = None
_sshd_init = None
def __init__(self):
self._logger = logging.getLogger(__name__)
if disttool.is_redhat_based():
init_script = ('/sbin/service', 'sshd')
elif disttool.is_ubuntu() and disttool.version_info() >= (10, 4):
init_script = ('/usr/sbin/service', 'ssh')
else:
init_script = firstmatched(os.path.exists,
('/etc/init.d/ssh', '/etc/init.d/sshd'))
self._sshd_init = ParametrizedInitScript('sshd', init_script)
bus.on(init=self.on_init)
def on_init(self):
self._setup_sshd_config()
def _setup_sshd_config(self):
# Enable public key authentification
sshd_config = open(self.sshd_config_path)
lines = sshd_config.readlines()
sshd_config.close()
variables = {
'RSAAuthentication': 'yes',
'PubkeyAuthentication': 'yes',
'AuthorizedKeysFile': '%h/.ssh/authorized_keys',
}
if 'Amazon' == linux.os['name']:
variables.update({'PermitRootLogin': '******'})
regexps = {}
for key, value in variables.items():
regexps[key] = re.compile(r'^%s\s+%s' % (key, value))
new_lines = []
for line in lines:
for key, regexp in regexps.items():
if regexp.search(line):
self._logger.debug('Found %s', regexp)
if key in variables:
del variables[key]
elif line.startswith(key) and key in variables:
# second condition is a workaround over duplicate options in sshd_config
self._logger.debug('Update %s option %s: %s',
self.sshd_config_path, key,
variables[key])
line = '%s %s\n' % (key, variables[key])
if key in variables:
del variables[key]
new_lines.append(line)
for key, value in variables.items():
self._logger.debug('Update %s option %s: %s',
self.sshd_config_path, key, value)
new_lines.append('%s %s\n' % (key, value))
if new_lines != lines:
self._logger.debug('Writing new %s', self.sshd_config_path)
fp = open(self.sshd_config_path, 'w')
fp.write(''.join(new_lines))
fp.close()
try:
self._sshd_init.restart()
except:
self._logger.debug('Error during SSH restart',
exc_info=sys.exc_info())
# Setup .ssh directory structure
ssh_dir = os.path.dirname(self.authorized_keys_file)
if not os.path.exists(ssh_dir):
self._logger.debug('Creating %s', ssh_dir)
os.makedirs(ssh_dir)
os.chmod(ssh_dir, 0700)
if not os.path.exists(self.authorized_keys_file):
self._logger.debug('Creating empty authrized keys file %s',
self.authorized_keys_file)
open(self.authorized_keys_file, 'w').close()
os.chmod(self.authorized_keys_file, 0600)
def on_UpdateSshAuthorizedKeys(self, message):
if not message.add and not message.remove:
self._logger.debug('Empty key lists in message. Nothing to do.')
return
self._setup_sshd_config()
ak = self._read_ssh_keys_file()
if message.add:
for key in message.add:
ak = self._add_key(ak, key)
if message.remove:
for key in message.remove:
ak = self._remove_key(ak, key)
if ak:
ak = self._check(ak)
self._write_ssh_keys_file(ak)
def _read_ssh_keys_file(self):
self._logger.debug('Reading autorized keys from %s' %
self.authorized_keys_file)
if os.path.exists(self.authorized_keys_file):
os.chmod(self.authorized_keys_file, 0600)
with open(self.authorized_keys_file) as fp:
return fp.read()
def _write_ssh_keys_file(self, content):
self._logger.debug('Writing authorized keys')
try:
with open(self.authorized_keys_file, 'w') as fp:
fp.write(content)
except IOError:
raise UpdateSshAuthorizedKeysError(
'Unable to write ssh keys to %s' % self.authorized_keys_file)
os.chmod(self.authorized_keys_file, 0600)
def _add_key(self, content, key):
if not key in content:
return content + '\n%s\n' % key
else:
self._logger.debug('Key already exists in %s' %
self.authorized_keys_file)
return content
def _remove_key(self, content, key):
if content:
return content.replace(key, '')
else:
self._logger.debug(
'No keys found. Keys file %s is probably empty' %
self.authorized_keys_file)
return content
def _check(self, content):
while '\n\n' in content:
content = content.replace('\n\n', '\n')
if not content.endswith('\n'):
content += '\n'
return content
def accept(self,
message,
queue,
behaviour=None,
platform=None,
os=None,
dist=None):
return (message.name == Messages.UPDATE_SSH_AUTHORIZED_KEYS)
class SSHKeys(Handler):
sshd_config_path = '/etc/ssh/sshd_config'
authorized_keys_file = '/root/.ssh/authorized_keys'
_logger = None
_sshd_init = None
def __init__(self):
self._logger = logging.getLogger(__name__)
if linux.os.redhat_family:
init_script = ('/sbin/service', 'sshd')
elif linux.os.ubuntu and linux.os['version'] >= (10, 4):
init_script = ('/usr/sbin/service', 'ssh')
else:
init_script = firstmatched(os.path.exists,
('/etc/init.d/ssh', '/etc/init.d/sshd'))
self._sshd_init = ParametrizedInitScript('sshd', init_script)
bus.on(init=self.on_init)
def on_init(self):
self._setup_sshd_config()
def _setup_sshd_config(self):
# Enable public key authentification
sshd_config = open(self.sshd_config_path)
lines = sshd_config.readlines()
sshd_config.close()
updates = {
'RSAAuthentication': 'yes',
'PubkeyAuthentication': 'yes',
'AuthorizedKeysFile': '%h/.ssh/authorized_keys'
}
if linux.os.amazon:
updates.update({'PermitRootLogin': '******'})
updated_keys = set()
new_lines = []
for line in lines:
for key, new_value in updates.items():
if line.startswith(key):
try:
old_value = line.split(' ', 1)[1].strip()
except IndexError:
old_value = None
if old_value != new_value:
# update
self._logger.debug('Updating %s, old/new: %s/%s', key,
old_value, new_value)
line = '{0} {1}\n'.format(key, new_value)
updated_keys.add(key)
new_lines.append(line)
# Ensure NL at the end of the file
if new_lines[-1][-1] != '\n':
new_lines[-1] = new_lines[-1] + '\n'
for key, new_value in updates.items():
if key not in updated_keys:
# add
self._logger.debug('Adding %s: %s', key, new_value)
line = '{0} {1}\n'.format(key, new_value)
new_lines.append(line)
if new_lines != lines:
self._logger.debug('Writing new %s', self.sshd_config_path)
fp = open(self.sshd_config_path, 'w')
fp.write(''.join(new_lines))
fp.close()
try:
self._sshd_init.restart()
except:
self._logger.debug('Failed to restart sshd: %s',
sys.exc_info()[1])
# Setup .ssh directory structure
ssh_dir = os.path.dirname(self.authorized_keys_file)
if not os.path.exists(ssh_dir):
self._logger.debug('Creating %s', ssh_dir)
os.makedirs(ssh_dir)
os.chmod(ssh_dir, 0700)
if not os.path.exists(self.authorized_keys_file):
self._logger.debug('Creating empty authrized keys file %s',
self.authorized_keys_file)
open(self.authorized_keys_file, 'w').close()
os.chmod(self.authorized_keys_file, 0600)
def on_UpdateSshAuthorizedKeys(self, message):
if not message.add and not message.remove:
self._logger.debug('Empty key lists in message. Nothing to do.')
return
self._setup_sshd_config()
ak = self._read_ssh_keys_file()
if message.add:
for key in message.add:
ak = self._add_key(ak, key)
if message.remove:
for key in message.remove:
ak = self._remove_key(ak, key)
if ak:
ak = self._check(ak)
self._write_ssh_keys_file(ak)
def _read_ssh_keys_file(self):
self._logger.debug('Reading autorized keys from %s' %
self.authorized_keys_file)
if os.path.exists(self.authorized_keys_file):
os.chmod(self.authorized_keys_file, 0600)
with open(self.authorized_keys_file) as fp:
return fp.read()
def _write_ssh_keys_file(self, content):
self._logger.debug('Writing authorized keys')
try:
with open(self.authorized_keys_file, 'w') as fp:
fp.write(content)
except IOError:
raise UpdateSshAuthorizedKeysError(
'Unable to write ssh keys to %s' % self.authorized_keys_file)
os.chmod(self.authorized_keys_file, 0600)
def _add_key(self, content, key):
if not key in content:
return content + '\n%s\n' % key
else:
self._logger.debug('Key already exists in %s' %
self.authorized_keys_file)
return content
def _remove_key(self, content, key):
if content:
return content.replace(key, '')
else:
self._logger.debug(
'No keys found. Keys file %s is probably empty' %
self.authorized_keys_file)
return content
def _check(self, content):
while '\n\n' in content:
content = content.replace('\n\n', '\n')
if not content.endswith('\n'):
content += '\n'
return content
def accept(self,
message,
queue,
behaviour=None,
platform=None,
os=None,
dist=None):
return (message.name == Messages.UPDATE_SSH_AUTHORIZED_KEYS)
class SSHKeys(Handler):
sshd_config_path = '/etc/ssh/sshd_config'
authorized_keys_file = '/root/.ssh/authorized_keys'
_logger = None
_sshd_init = None
def __init__(self):
self._logger = logging.getLogger(__name__)
if disttool.is_redhat_based():
init_script = ('/sbin/service', 'sshd')
elif disttool.is_ubuntu() and disttool.version_info() >= (10, 4):
init_script = ('/usr/sbin/service', 'ssh')
else:
init_script = firstmatched(os.path.exists, ('/etc/init.d/ssh', '/etc/init.d/sshd'))
self._sshd_init = ParametrizedInitScript('sshd', init_script)
bus.on(init=self.on_init)
def on_init(self):
self._setup_sshd_config()
def _setup_sshd_config(self):
# Enable public key authentification
sshd_config = open(self.sshd_config_path)
lines = sshd_config.readlines()
sshd_config.close()
variables = {
'RSAAuthentication' : 'yes',
'PubkeyAuthentication' : 'yes',
'AuthorizedKeysFile' : '%h/.ssh/authorized_keys',
}
if 'Amazon' == linux.os['name']:
variables.update({'PermitRootLogin' : 'without-password'})
regexps = {}
for key, value in variables.items():
regexps[key] = re.compile(r'^%s\s+%s' % (key, value))
new_lines = []
for line in lines:
for key, regexp in regexps.items():
if regexp.search(line):
self._logger.debug('Found %s', regexp)
if key in variables:
del variables[key]
elif line.startswith(key) and key in variables:
# second condition is a workaround over duplicate options in sshd_config
self._logger.debug('Update %s option %s: %s', self.sshd_config_path, key, variables[key])
line = '%s %s\n' % (key, variables[key])
if key in variables:
del variables[key]
new_lines.append(line)
for key, value in variables.items():
self._logger.debug('Update %s option %s: %s', self.sshd_config_path, key, value)
new_lines.append('%s %s\n' % (key, value))
if new_lines != lines:
self._logger.debug('Writing new %s', self.sshd_config_path)
fp = open(self.sshd_config_path, 'w')
fp.write(''.join(new_lines))
fp.close()
try:
self._sshd_init.restart()
except:
self._logger.debug('Error during SSH restart', exc_info=sys.exc_info())
# Setup .ssh directory structure
ssh_dir = os.path.dirname(self.authorized_keys_file)
if not os.path.exists(ssh_dir):
self._logger.debug('Creating %s', ssh_dir)
os.makedirs(ssh_dir)
os.chmod(ssh_dir, 0700)
if not os.path.exists(self.authorized_keys_file):
self._logger.debug('Creating empty authrized keys file %s', self.authorized_keys_file)
open(self.authorized_keys_file, 'w').close()
os.chmod(self.authorized_keys_file, 0600)
def on_UpdateSshAuthorizedKeys(self, message):
if not message.add and not message.remove:
self._logger.debug('Empty key lists in message. Nothing to do.')
return
self._setup_sshd_config()
ak = self._read_ssh_keys_file()
if message.add:
for key in message.add:
ak = self._add_key(ak, key)
if message.remove:
for key in message.remove:
ak = self._remove_key(ak, key)
if ak:
ak = self._check(ak)
self._write_ssh_keys_file(ak)
def _read_ssh_keys_file(self):
self._logger.debug('Reading autorized keys from %s' % self.authorized_keys_file)
if os.path.exists(self.authorized_keys_file):
os.chmod(self.authorized_keys_file, 0600)
with open(self.authorized_keys_file) as fp:
return fp.read()
def _write_ssh_keys_file(self, content):
self._logger.debug('Writing authorized keys')
try:
with open(self.authorized_keys_file, 'w') as fp:
fp.write(content)
except IOError:
raise UpdateSshAuthorizedKeysError('Unable to write ssh keys to %s' % self.authorized_keys_file)
os.chmod(self.authorized_keys_file, 0600)
def _add_key(self, content, key):
if not key in content:
return content + '\n%s\n' % key
else:
self._logger.debug('Key already exists in %s' % self.authorized_keys_file)
return content
def _remove_key(self, content, key):
if content:
return content.replace(key, '')
else:
self._logger.debug('No keys found. Keys file %s is probably empty' % self.authorized_keys_file)
return content
def _check(self, content):
while '\n\n' in content:
content = content.replace('\n\n', '\n')
if not content.endswith('\n'):
content += '\n'
return content
def accept(self, message, queue, behaviour=None, platform=None, os=None, dist=None):
return (message.name == Messages.UPDATE_SSH_AUTHORIZED_KEYS)
class SSHKeys(Handler):
sshd_config_path = "/etc/ssh/sshd_config"
authorized_keys_file = "/root/.ssh/authorized_keys"
_logger = None
_sshd_init = None
def __init__(self):
self._logger = logging.getLogger(__name__)
if disttool.is_redhat_based():
init_script = ("/sbin/service", "sshd")
elif disttool.is_ubuntu() and disttool.version_info() >= (10, 4):
init_script = ("/usr/sbin/service", "ssh")
else:
init_script = firstmatched(os.path.exists, ("/etc/init.d/ssh", "/etc/init.d/sshd"))
self._sshd_init = ParametrizedInitScript("sshd", init_script)
bus.on(init=self.on_init)
def on_init(self):
self._setup_sshd_config()
def _setup_sshd_config(self):
# Enable public key authentification
sshd_config = open(self.sshd_config_path)
lines = sshd_config.readlines()
sshd_config.close()
variables = {
"RSAAuthentication": "yes",
"PubkeyAuthentication": "yes",
"AuthorizedKeysFile": ".ssh/authorized_keys",
}
regexps = {}
for key, value in variables.items():
regexps[key] = re.compile(r"^%s\s+%s" % (key, value))
new_lines = []
for line in lines:
for key, regexp in regexps.items():
if regexp.search(line):
self._logger.debug("Found %s", regexp)
if key in variables:
del variables[key]
elif line.startswith(key) and key in variables:
# second condition is a workaround over duplicate options in sshd_config
self._logger.debug("Update %s option %s: %s", self.sshd_config_path, key, variables[key])
line = "%s %s\n" % (key, variables[key])
if key in variables:
del variables[key]
new_lines.append(line)
for key, value in variables.items():
self._logger.debug("Update %s option %s: %s", self.sshd_config_path, key, value)
new_lines.append("%s %s\n" % (key, value))
if new_lines != lines:
self._logger.debug("Writing new %s", self.sshd_config_path)
fp = open(self.sshd_config_path, "w")
fp.write("".join(new_lines))
fp.close()
self._sshd_init.restart()
# Setup .ssh directory structure
ssh_dir = os.path.dirname(self.authorized_keys_file)
if not os.path.exists(ssh_dir):
self._logger.debug("Creating %s", ssh_dir)
os.makedirs(ssh_dir)
os.chmod(ssh_dir, 0700)
if not os.path.exists(self.authorized_keys_file):
self._logger.debug("Creating empty authrized keys file %s", self.authorized_keys_file)
open(self.authorized_keys_file, "w").close()
os.chmod(self.authorized_keys_file, 0600)
def on_UpdateSshAuthorizedKeys(self, message):
if not message.add and not message.remove:
self._logger.debug("Empty key lists in message. Nothing to do.")
return
self._setup_sshd_config()
ak = self._read_ssh_keys_file()
if message.add:
for key in message.add:
ak = self._add_key(ak, key)
if message.remove:
for key in message.remove:
ak = self._remove_key(ak, key)
if ak:
ak = self._check(ak)
self._write_ssh_keys_file(ak)
def _read_ssh_keys_file(self):
content = read_file(
self.authorized_keys_file,
msg="Reading autorized keys from %s" % self.authorized_keys_file,
logger=self._logger,
)
if content == None:
raise UpdateSshAuthorizedKeysError("Unable to read ssh keys from %s" % self.authorized_keys_file)
return content
def _write_ssh_keys_file(self, content):
ret = write_file(self.authorized_keys_file, content, msg="Writing authorized keys", logger=self._logger)
if not ret:
raise UpdateSshAuthorizedKeysError("Unable to write ssh keys to %s" % self.authorized_keys_file)
os.chmod(self.authorized_keys_file, 0600)
def _add_key(self, content, key):
if not key in content:
return content + "\n%s\n" % key
else:
self._logger.debug("Key already exists in %s" % self.authorized_keys_file)
return content
def _remove_key(self, content, key):
if content:
return content.replace(key, "")
else:
self._logger.debug("No keys found. Keys file %s is probably empty" % self.authorized_keys_file)
return content
def _check(self, content):
while "\n\n" in content:
content = content.replace("\n\n", "\n")
if not content.endswith("\n"):
content += "\n"
return content
def accept(self, message, queue, behaviour=None, platform=None, os=None, dist=None):
return message.name == Messages.UPDATE_SSH_AUTHORIZED_KEYS
class SSHKeys(Handler):
sshd_config_path = '/etc/ssh/sshd_config'
authorized_keys_file = '/root/.ssh/authorized_keys'
_logger = None
_sshd_init = None
def __init__(self):
self._logger = logging.getLogger(__name__)
if linux.os.redhat_family:
init_script = ('/sbin/service', 'sshd')
elif linux.os.ubuntu and linux.os['version'] >= (10, 4):
init_script = ('/usr/sbin/service', 'ssh')
else:
init_script = firstmatched(os.path.exists, ('/etc/init.d/ssh', '/etc/init.d/sshd'))
self._sshd_init = ParametrizedInitScript('sshd', init_script)
bus.on(init=self.on_init)
def on_init(self):
self._setup_sshd_config()
def _setup_sshd_config(self):
# Enable public key authentification
sshd_config = open(self.sshd_config_path)
lines = sshd_config.readlines()
sshd_config.close()
updates = {
'RSAAuthentication' : 'yes',
'PubkeyAuthentication' : 'yes',
'AuthorizedKeysFile' : '%h/.ssh/authorized_keys'
}
if linux.os.amazon:
updates.update({'PermitRootLogin': '******'})
updated_keys = set()
new_lines = []
for line in lines:
for key, new_value in updates.items():
if line.startswith(key):
try:
old_value = line.split(' ', 1)[1].strip()
except IndexError:
old_value = None
if old_value != new_value:
# update
self._logger.debug('Updating %s, old/new: %s/%s', key, old_value, new_value)
line = '{0} {1}\n'.format(key, new_value)
updated_keys.add(key)
new_lines.append(line)
# Ensure NL at the end of the file
if new_lines[-1][-1] != '\n':
new_lines[-1] = new_lines[-1] + '\n'
for key, new_value in updates.items():
if key not in updated_keys:
# add
self._logger.debug('Adding %s: %s', key, new_value)
line = '{0} {1}\n'.format(key, new_value)
new_lines.append(line)
if new_lines != lines:
self._logger.debug('Writing new %s', self.sshd_config_path)
fp = open(self.sshd_config_path, 'w')
fp.write(''.join(new_lines))
fp.close()
try:
self._sshd_init.restart()
except:
self._logger.debug('Failed to restart sshd: %s', sys.exc_info()[1])
# Setup .ssh directory structure
ssh_dir = os.path.dirname(self.authorized_keys_file)
if not os.path.exists(ssh_dir):
self._logger.debug('Creating %s', ssh_dir)
os.makedirs(ssh_dir)
os.chmod(ssh_dir, 0700)
if not os.path.exists(self.authorized_keys_file):
self._logger.debug('Creating empty authrized keys file %s', self.authorized_keys_file)
open(self.authorized_keys_file, 'w').close()
os.chmod(self.authorized_keys_file, 0600)
def on_UpdateSshAuthorizedKeys(self, message):
if not message.add and not message.remove:
self._logger.debug('Empty key lists in message. Nothing to do.')
return
self._setup_sshd_config()
ak = self._read_ssh_keys_file()
if message.add:
for key in message.add:
ak = self._add_key(ak, key)
if message.remove:
for key in message.remove:
ak = self._remove_key(ak, key)
if ak:
ak = self._check(ak)
self._write_ssh_keys_file(ak)
def _read_ssh_keys_file(self):
self._logger.debug('Reading autorized keys from %s' % self.authorized_keys_file)
if os.path.exists(self.authorized_keys_file):
os.chmod(self.authorized_keys_file, 0600)
with open(self.authorized_keys_file) as fp:
return fp.read()
def _write_ssh_keys_file(self, content):
self._logger.debug('Writing authorized keys')
try:
with open(self.authorized_keys_file, 'w') as fp:
fp.write(content)
except IOError:
raise UpdateSshAuthorizedKeysError('Unable to write ssh keys to %s' % self.authorized_keys_file)
os.chmod(self.authorized_keys_file, 0600)
def _add_key(self, content, key):
if not key in content:
return content + '\n%s\n' % key
else:
self._logger.debug('Key already exists in %s' % self.authorized_keys_file)
return content
def _remove_key(self, content, key):
if content:
return content.replace(key, '')
else:
self._logger.debug('No keys found. Keys file %s is probably empty' % self.authorized_keys_file)
return content
def _check(self, content):
while '\n\n' in content:
content = content.replace('\n\n', '\n')
if not content.endswith('\n'):
content += '\n'
return content
def accept(self, message, queue, behaviour=None, platform=None, os=None, dist=None):
return (message.name == Messages.UPDATE_SSH_AUTHORIZED_KEYS)
