def can_connect_passwordless(hostname):
    """
    Report whether SSH to ``hostname`` appears to work without a password.

    The probe runs ``ssh`` with ``BatchMode=yes`` so that it fails instead of
    prompting. Only one outcome counts as failure: an exit status of 255
    together with a ``Permission denied`` or ``Host key verification failed``
    line on stderr. Every other result yields ``True``, so ``True`` means
    "no authentication or host key error was seen", not "login was verified".
    """
    # Hosts that do not need SSH (local ones) are never probed
    if not remoto.backends.needs_ssh(hostname):
        return True

    failure_markers = (
        'Permission denied ',
        'Host key verification failed.',
    )
    logger = logging.getLogger(hostname)
    with get_local_connection(logger) as conn:
        # BatchMode=yes disables password prompts; ``true`` is the remote
        # command, so a working login returns immediately.
        # NOTE(review): hostname reaches ssh as a bare positional argument;
        # confirm callers reject values starting with '-' so it cannot be
        # parsed as an option.
        _out, err, retval = remoto.process.check(
            conn,
            ['ssh', '-CT', '-o', 'BatchMode=yes', hostname, 'true'],
            stop_on_error=False,
        )
        key_error_seen = any(
            marker in line
            for line in err
            for marker in failure_markers
        )
        return not (retval == 255 and key_error_seen)
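def can_connect_passwordless(hostname):
    """
    Ensure that current host can SSH remotely to the remote host using the
    ``BatchMode`` option to prevent a password prompt.

    A rejected attempt exits with status 255 and prints a ``Permission
    denied`` or ``Host key verification failed`` message on stderr; only that
    combination returns ``False``. Any other result returns ``True``, so
    ``True`` means no authentication or host key error was observed.
    """
    # Ensure we are not doing this for local hosts
    if not needs_ssh(hostname):
        return True

    logger = logging.getLogger(hostname)
    with get_local_connection(logger) as conn:
        # Check to see if we can login, disabling password prompts. ``true``
        # is run remotely so a successful login exits at once instead of
        # starting a login shell session.
        command = ['ssh', '-CT', '-o', 'BatchMode=yes', hostname, 'true']
        out, err, retval = process.check(conn, command, stop_on_error=False)
        # The list of auth methods printed after "Permission denied" depends
        # on the server's sshd configuration, so match only the stable prefix.
        # A host key verification failure also blocks unattended login.
        auth_errors = ('Permission denied ', 'Host key verification failed.')
        has_key_error = any(
            marker in line for line in err for marker in auth_errors
        )
        if retval == 255 and has_key_error:
            return False
    return True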
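def ssh_copy_keys(hostname, username=None):
    """
    Install the local RSA public key on ``hostname`` for passwordless SSH.

    Returns immediately when ``ssh.can_connect_passwordless`` reports
    success. Otherwise ``~/.ssh/id_rsa`` is created without a passphrase if it
    is missing, the host is contacted again through ``hosts.get`` and the
    contents of ``~/.ssh/id_rsa.pub`` are appended to the remote
    ``.ssh/authorized_keys``. When that remote file does not exist a warning
    is logged and no key is added.
    """
    LOG.info("making sure passwordless SSH succeeds")
    if ssh.can_connect_passwordless(hostname):
        return

    LOG.warning("could not connect via SSH")

    # Create the key if it doesn't exist:
    id_rsa_pub_file = os.path.expanduser(u"~/.ssh/id_rsa.pub")
    # splitext strips only the trailing ".pub"; splitting on ".pub" would
    # truncate the path when a directory name contains that substring.
    id_rsa_file = os.path.splitext(id_rsa_pub_file)[0]
    if not os.path.exists(id_rsa_file):
        LOG.info("creating a passwordless id_rsa.pub key file")
        with get_local_connection(LOG) as conn:
            # -N "" writes the private key unencrypted, so only the file
            # permissions on ~/.ssh protect it.
            remoto.process.run(conn, ["ssh-keygen", "-t", "rsa", "-N", "", "-f", id_rsa_file])

    # Get the contents of id_rsa.pub and push it to the host
    LOG.info("will connect again with password prompt")
    distro = hosts.get(hostname, username)  # XXX Add username
    try:
        auth_keys_path = ".ssh/authorized_keys"
        if not distro.conn.remote_module.path_exists(auth_keys_path):
            distro.conn.logger.warning(".ssh/authorized_keys does not exist, will skip adding keys")
        else:
            LOG.info("adding public keys to authorized_keys")
            with open(id_rsa_pub_file, "r") as id_rsa:
                contents = id_rsa.read()
            # NOTE(review): the key is appended unconditionally; whether
            # append_to_file deduplicates entries or guarantees a separating
            # newline is not visible here -- confirm.
            distro.conn.remote_module.append_to_file(auth_keys_path, contents)
    finally:
        # Close the remote connection even when a remote call raises
        distro.conn.exit()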
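def ssh_copy_keys(hostname, username=None):
    """
    Push the local RSA public key to ``hostname`` when passwordless SSH fails.

    Nothing is done if ``ssh.can_connect_passwordless`` already succeeds.
    Otherwise a passphrase-less ``~/.ssh/id_rsa`` key pair is generated when
    the private key is missing, a new connection is opened with
    ``hosts.get(..., detect_sudo=False)`` and ``~/.ssh/id_rsa.pub`` is
    appended to the remote ``.ssh/authorized_keys``. A missing remote
    ``authorized_keys`` file only produces a warning; no key is added.
    """
    LOG.info('making sure passwordless SSH succeeds')
    if ssh.can_connect_passwordless(hostname):
        return

    LOG.warning('could not connect via SSH')

    # Create the key if it doesn't exist:
    id_rsa_pub_file = os.path.expanduser(u'~/.ssh/id_rsa.pub')
    # Drop only the final ".pub" extension; str.split('.pub') would cut the
    # path at the first occurrence, e.g. inside a home directory name.
    id_rsa_file = os.path.splitext(id_rsa_pub_file)[0]
    if not os.path.exists(id_rsa_file):
        LOG.info('creating a passwordless id_rsa.pub key file')
        with get_local_connection(LOG) as conn:
            # The empty -N value means the private key is stored without a
            # passphrase; it is protected by file permissions alone.
            remoto.process.run(
                conn,
                [
                    'ssh-keygen',
                    '-t',
                    'rsa',
                    '-N',
                    "",
                    '-f',
                    id_rsa_file,
                ]
            )

    # Get the contents of id_rsa.pub and push it to the host
    LOG.info('will connect again with password prompt')
    distro = hosts.get(hostname, username, detect_sudo=False)
    try:
        auth_keys_path = '.ssh/authorized_keys'
        if not distro.conn.remote_module.path_exists(auth_keys_path):
            distro.conn.logger.warning(
                '.ssh/authorized_keys does not exist, will skip adding keys'
            )
        else:
            LOG.info('adding public keys to authorized_keys')
            with open(id_rsa_pub_file, 'r') as id_rsa:
                contents = id_rsa.read()
            # NOTE(review): appended on every run that reaches this point;
            # presumably append_to_file does not check for an existing
            # identical entry -- verify against the remote module.
            distro.conn.remote_module.append_to_file(
                auth_keys_path,
                contents
            )
    finally:
        # Release the remote connection on every path, including errors
        distro.conn.exit()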
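def ssh_copy_keys(hostname, username=None):
    """
    Set up key-based SSH access to ``hostname`` using ``~/.ssh/id_rsa``.

    If ``ssh.can_connect_passwordless`` succeeds the function returns without
    changes. Otherwise it generates ``~/.ssh/id_rsa`` with an empty
    passphrase when that file is absent, reconnects via ``hosts.get`` and
    appends the public key file to ``.ssh/authorized_keys`` on the remote
    host. If the remote ``authorized_keys`` file is absent, a warning is
    logged and the key is not added.
    """
    LOG.info('making sure passwordless SSH succeeds')
    if ssh.can_connect_passwordless(hostname):
        return

    LOG.warning('could not connect via SSH')

    # Create the key if it doesn't exist:
    id_rsa_pub_file = os.path.expanduser(u'~/.ssh/id_rsa.pub')
    # Remove just the ".pub" suffix. Splitting on '.pub' breaks when the
    # expanded home directory itself contains ".pub".
    id_rsa_file = os.path.splitext(id_rsa_pub_file)[0]
    if not os.path.exists(id_rsa_file):
        LOG.info('creating a passwordless id_rsa.pub key file')
        with get_local_connection(LOG) as conn:
            # No passphrase is set (-N ""), so anyone able to read the
            # private key file can use it.
            remoto.process.run(
                conn,
                [
                    'ssh-keygen',
                    '-t',
                    'rsa',
                    '-N',
                    "",
                    '-f',
                    id_rsa_file,
                ]
            )

    # Get the contents of id_rsa.pub and push it to the host
    LOG.info('will connect again with password prompt')
    distro = hosts.get(hostname, username)  # XXX Add username
    try:
        auth_keys_path = '.ssh/authorized_keys'
        if not distro.conn.remote_module.path_exists(auth_keys_path):
            distro.conn.logger.warning(
                '.ssh/authorized_keys does not exist, will skip adding keys'
            )
        else:
            LOG.info('adding public keys to authorized_keys')
            with open(id_rsa_pub_file, 'r') as id_rsa:
                contents = id_rsa.read()
            # NOTE(review): no check for an existing entry or a trailing
            # newline in the remote file is visible here; confirm what
            # append_to_file does before relying on repeated runs.
            distro.conn.remote_module.append_to_file(
                auth_keys_path,
                contents
            )
    finally:
        # Ensure the remote connection is closed if any remote call fails
        distro.conn.exit()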