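def generate_key_for_user(self, username, ignore_existing=False,
                          auth_new_key=False, auth_conn_key=False):
    """
    Generates an id_rsa/id_rsa.pub keypair combo for a user on the remote
    machine and returns the (loaded or newly generated) private key object.

    username - name of the account on the remote machine; resolved through
    self.getpwnam, which is expected to raise if the account does not exist
    ignore_existing - if False, any existing key combos will be used rather
    than generating a new RSA key; if True a fresh key is generated and the
    remote id_rsa/id_rsa.pub files are overwritten
    auth_new_key - if True, add the public key of the returned key (new or
    reused) to the remote user's authorized_keys file
    auth_conn_key - if True, add the public key used to establish this ssh
    connection to the remote user's authorized_keys; silently skipped when
    the connection does not carry a key (self.ssh._pkey is unset)

    Keys are only appended to authorized_keys when their public form is not
    already present in the file, so calling this repeatedly is safe.
    """
    user = self.getpwnam(username)
    ssh_folder = posixpath.join(user.pw_dir, '.ssh')
    if not self.ssh.isdir(ssh_folder):
        # NOTE(review): the directory mode is left to self.ssh.mkdir and the
        # remote umask; sshd rejects a group/world-writable ~/.ssh, so
        # confirm mkdir's default is restrictive enough.
        self.ssh.mkdir(ssh_folder)
        self.ssh.chown(user.pw_uid, user.pw_gid, ssh_folder)
    private_key = posixpath.join(ssh_folder, 'id_rsa')
    public_key = private_key + '.pub'
    authorized_keys = posixpath.join(ssh_folder, 'authorized_keys')

    reuse_existing = self.ssh.isfile(private_key) and not ignore_existing
    if reuse_existing:
        log.debug("Using existing key: %s" % private_key)
        key = self.ssh.load_remote_rsa_key(private_key)
    else:
        key = sshutils.generate_rsa_key()
    pubkey_contents = sshutils.get_public_key(key)

    if not reuse_existing:
        # A fresh key was generated (or an existing one is being replaced):
        # push both halves to the remote machine. remote_file() creates the
        # file before the chmod below, so the private key briefly carries
        # whatever mode the remote side creates it with -- TODO confirm
        # remote_file honours a restrictive umask.
        pub_key = self.ssh.remote_file(public_key, 'w')
        try:
            pub_key.write(pubkey_contents)
            pub_key.chown(user.pw_uid, user.pw_gid)
            pub_key.chmod(0o400)
        finally:
            pub_key.close()
        priv_key = self.ssh.remote_file(private_key, 'w')
        try:
            key.write_private_key(priv_key)
            priv_key.chown(user.pw_uid, user.pw_gid)
            priv_key.chmod(0o400)
        finally:
            priv_key.close()

    # Nothing to authorize: the original condition (`or`) returned unless
    # BOTH flags were set, which silently skipped the authorized_keys update
    # whenever only one of them was requested.
    if not auth_new_key and not auth_conn_key:
        return key

    # Read the current file once so duplicates are not appended.
    auth_keys_contents = ''
    if self.ssh.isfile(authorized_keys):
        existing = self.ssh.remote_file(authorized_keys, 'r')
        try:
            auth_keys_contents = existing.read()
        finally:
            existing.close()

    auth_keys = self.ssh.remote_file(authorized_keys, 'a')
    try:
        if auth_new_key:
            # add newly generated public key to user's authorized_keys
            if pubkey_contents not in auth_keys_contents:
                log.debug("adding auth_key_contents")
                auth_keys.write('%s\n' % pubkey_contents)
        if auth_conn_key and self.ssh._pkey:
            # add public key used to create the connection to user's
            # authorized_keys (presumably self.ssh._pkey is the paramiko
            # key object the connection was opened with -- verify)
            conn_pubkey_contents = sshutils.get_public_key(self.ssh._pkey)
            if conn_pubkey_contents not in auth_keys_contents:
                log.debug("adding conn_pubkey_contents")
                auth_keys.write('%s\n' % conn_pubkey_contents)
        # authorized_keys must be owned by the user and not world-readable
        # for sshd to honour it
        auth_keys.chown(user.pw_uid, user.pw_gid)
        auth_keys.chmod(0o600)
    finally:
        auth_keys.close()
    return key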