def testAddingSeveralKeysAtOnce(self):
    """Add two overlapping batches of entries and check nothing is repeated.

    The second batch contains "bbb" again; the expected file content lists it
    only once, so the helper is expected to skip entries already present.
    """
    # Lines the file is expected to hold before this test adds anything;
    # presumably written by the fixture's setUp, which is not shown here.
    # The second line carries command=/from= options in front of the key.
    preexisting = (
        "ssh-dss AAAAB3NzaC1w5256closdj32mZaQU root@key-a\n"
        'command="/usr/bin/fooserver -t --verbose",from="198.51.100.4"'
        " ssh-dss AAAAB3NzaC1w520smc01ms0jfJs22 root@key-b\n"
    )

    # NOTE(review): "aaa"/"bbb"/"ccc" are not well-formed public keys, yet the
    # test expects them to be written verbatim. That suggests the helper does
    # no format validation, so callers have to pass trusted input - confirm
    # against ssh.AddAuthorizedKeys.
    first_batch = ["aaa", "bbb", "ccc"]
    ssh.AddAuthorizedKeys(self.tmpname, first_batch)
    self.assertFileContent(self.tmpname, preexisting + "aaa\nbbb\nccc\n")

    # "bbb" is already in the file; only "ddd" and "eee" should be appended.
    second_batch = ["bbb", "ddd", "eee"]
    ssh.AddAuthorizedKeys(self.tmpname, second_batch)
    self.assertFileContent(
        self.tmpname, preexisting + "aaa\nbbb\nccc\nddd\neee\n")
def UpdateSshRoot(data, dry_run, _homedir_fn=None):
    """Updates root's SSH keys.

    Root's C{authorized_keys} file is also updated with new public keys.

    @type data: dict
    @param data: Input data
    @type dry_run: boolean
    @param dry_run: Whether to perform a dry run

    """
    requested_keys = data.get(constants.SSHS_SSH_AUTHORIZED_KEYS)

    # NOTE(review): mkdir=True is passed even on a dry run - confirm whether
    # GetAllUserFiles creates the directory in that case.
    user_files = ssh.GetAllUserFiles(constants.SSH_LOGIN_USER, mkdir=True,
                                     _homedir_fn=_homedir_fn)
    (auth_keys_file, _) = user_files

    # Step 1: (re)generate root's key pair unless this is a dry run.
    if dry_run:
        logging.info("This is a dry run, not replacing the SSH keys.")
    else:
        common.GenerateRootSshKeys(data.get(constants.SSHS_SSH_KEY_TYPE),
                                   data.get(constants.SSHS_SSH_KEY_BITS),
                                   error_fn=JoinError,
                                   _homedir_fn=_homedir_fn)

    # Step 2: authorize the supplied public keys for root logins.
    if not requested_keys:
        return

    if dry_run:
        logging.info("This is a dry run, not modifying %s", auth_keys_file)
        return

    # The input maps some identifier to a list of key lines; every key from
    # every list ends up in root's authorized_keys, so "data" decides who can
    # log in as root and must come from a trusted source.
    flattened_keys = [key
                      for key_list in requested_keys.values()
                      for key in key_list]
    ssh.AddAuthorizedKeys(auth_keys_file, flattened_keys)
def testAddingNewKeys(self):
    """Append one key, then two more, and check they land at the end in order."""
    # Lines the file is expected to hold before this test adds anything;
    # presumably written by the fixture's setUp, which is not shown here.
    preexisting = (
        "ssh-dss AAAAB3NzaC1w5256closdj32mZaQU root@key-a\n"
        'command="/usr/bin/fooserver -t --verbose",from="198.51.100.4"'
        " ssh-dss AAAAB3NzaC1w520smc01ms0jfJs22 root@key-b\n"
    )

    # A single new key is appended after the existing entries.
    ssh.AddAuthorizedKeys(self.tmpname,
                          ["ssh-dss AAAAB3NzaC1kc3MAAACB root@test"])
    after_first_add = preexisting + "ssh-dss AAAAB3NzaC1kc3MAAACB root@test\n"
    self.assertFileContent(self.tmpname, after_first_add)

    # Two further keys are appended in the order they were passed.
    more_keys = [
        "ssh-dss AAAAB3asdfasdfaYTUCB laracroft@test",
        "ssh-dss AasdfliuobaosfMAAACB frodo@test",
    ]
    ssh.AddAuthorizedKeys(self.tmpname, more_keys)
    self.assertFileContent(
        self.tmpname,
        after_first_add +
        "ssh-dss AAAAB3asdfasdfaYTUCB laracroft@test\n"
        "ssh-dss AasdfliuobaosfMAAACB frodo@test\n")
def testAddingDuplicateKeys(self):
    """Check that a key already present is not written a second time.

    The same key is added once through the single-key helper and then twice
    more in one batch; the expected file content holds exactly one copy.
    """
    duplicate_key = "ssh-dss AAAAB3NzaC1kc3MAAACB root@test"

    ssh.AddAuthorizedKey(self.tmpname, duplicate_key)
    ssh.AddAuthorizedKeys(self.tmpname, [duplicate_key, duplicate_key])

    # Fixture lines (presumably from setUp, not shown) followed by one copy
    # of the key added above.
    expected_content = (
        "ssh-dss AAAAB3NzaC1w5256closdj32mZaQU root@key-a\n"
        'command="/usr/bin/fooserver -t --verbose",from="198.51.100.4"'
        " ssh-dss AAAAB3NzaC1w520smc01ms0jfJs22 root@key-b\n"
        "ssh-dss AAAAB3NzaC1kc3MAAACB root@test\n"
    )
    self.assertFileContent(self.tmpname, expected_content)
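def UpdateAuthorizedKeys(data, dry_run, _homedir_fn=None):
    """Updates root's C{authorized_keys} file.

    The input carries an (action, keys) pair; the keys are either added to or
    removed from the file depending on the action. Any other action raises
    L{SshUpdateError}.

    @type data: dict
    @param data: Input data
    @type dry_run: boolean
    @param dry_run: Whether to perform a dry run

    """
    instructions = data.get(constants.SSHS_SSH_AUTHORIZED_KEYS)
    if not instructions:
        logging.info("No change to the authorized_keys file requested.")
        return
    (action, authorized_keys) = instructions

    # NOTE(review): mkdir=True is passed before the action is validated and
    # even on a dry run - confirm whether GetAllUserFiles creates the
    # directory in those cases.
    (auth_keys_file, _) = \
        ssh.GetAllUserFiles(constants.SSH_LOGIN_USER, mkdir=True,
                            _homedir_fn=_homedir_fn)

    # Flatten the per-entry key lists into one list. Every key in it will be
    # granted (or lose) root login, so "data" must come from a trusted source.
    key_values = []
    for key_value in authorized_keys.values():
        key_values += key_value

    if action == constants.SSHS_ADD:
        if dry_run:
            logging.info("This is a dry run, not adding keys to %s",
                         auth_keys_file)
        else:
            if not os.path.exists(auth_keys_file):
                # Create the file owner-only so that other local users cannot
                # read or alter root's login keys. The mode is written as
                # 0o600: the old-style literal 0600 is a syntax error on
                # Python 3, while 0o600 is accepted by Python 2.6+ as well.
                utils.WriteFile(auth_keys_file, mode=0o600, data="")
            ssh.AddAuthorizedKeys(auth_keys_file, key_values)
    elif action == constants.SSHS_REMOVE:
        if dry_run:
            logging.info("This is a dry run, not removing keys from %s",
                         auth_keys_file)
        else:
            ssh.RemoveAuthorizedKeys(auth_keys_file, key_values)
    else:
        # Refuse unknown actions instead of silently ignoring them.
        raise SshUpdateError(
            "Action '%s' not implemented for authorized keys." % action)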
def testOtherKeyTypes(self):
    """Add and remove RSA, Ed25519 and ECDSA entries.

    Checks that these key types are appended after the fixture keys and can
    be removed again one by one without disturbing the remaining lines.
    """
    rsa_line = "ssh-rsa AAAAimnottypingallofthathere0jfJs22 test@test"
    ed25519_line = ("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOlcZ6cpQTGow0LZECRHWn9"
                    "7Yvn16J5un501T/RcbfuF fast@secure")
    ecdsa_line = ("ecdsa-sha2-nistp256 AAAAE2VjZHNtoolongk/TNhVbEg="
                  " secure@secure")

    def _AsFileText(lines):
        # One entry per line, with a newline after the last one.
        return '\n'.join(lines) + '\n'

    # self.KEY_A / self.KEY_B are fixture attributes defined outside this
    # snippet; they are expected to be in the file already.
    fixture_keys = [self.KEY_A, self.KEY_B]

    ssh.AddAuthorizedKeys(self.tmpname, [rsa_line, ed25519_line, ecdsa_line])
    self.assertFileContent(
        self.tmpname,
        _AsFileText(fixture_keys + [rsa_line, ed25519_line, ecdsa_line]))

    # Removing the middle entry leaves its neighbours in place and in order.
    ssh.RemoveAuthorizedKey(self.tmpname, ed25519_line)
    self.assertFileContent(
        self.tmpname,
        _AsFileText(fixture_keys + [rsa_line, ecdsa_line]))

    # Removing the rest brings the file back to the fixture keys only.
    ssh.RemoveAuthorizedKey(self.tmpname, rsa_line)
    ssh.RemoveAuthorizedKey(self.tmpname, ecdsa_line)
    self.assertFileContent(self.tmpname, _AsFileText(fixture_keys))