示例#1
    def test_multiple_authorizedkeys_file_multiuser(self, m_getpwnam):
        """Check per-user key resolution for a multi-entry AuthorizedKeysFile.

        The sshd_config written here lists three entries: a global key file,
        the ``%h/.ssh/authorized_keys2`` pattern and bobby's ``user_keys3``
        file by absolute path. For each of the two users the test asserts
        which file name ``extract_authorized_keys`` returns and which keys
        appear in the merged content. The isolation checks are the last
        assertion for each user: a key stored only in one user's
        ``authorized_keys2`` must not appear in the other user's content.
        """
        bobby = FakePwEnt(pw_name='bobby', pw_dir='/tmp/home2/bobby')
        m_getpwnam.return_value = bobby
        bobby_ssh_dir = "%s/.ssh" % bobby.pw_dir

        # bobby: .ssh/authorized_keys2 holds the rsa key
        bobby_auth_keys = self.tmp_path('authorized_keys2', dir=bobby_ssh_dir)
        util.write_file(bobby_auth_keys, VALID_CONTENT['rsa'])
        # bobby: .ssh/user_keys3 holds the dsa key
        user_keys = self.tmp_path('user_keys3', dir=bobby_ssh_dir)
        util.write_file(user_keys, VALID_CONTENT['dsa'])

        suzie = FakePwEnt(pw_name='suzie', pw_dir='/tmp/home/suzie')
        suzie_ssh_dir = "%s/.ssh" % suzie.pw_dir
        # suzie: .ssh/authorized_keys2 holds a third key type.
        # NOTE(review): the key name '*****@*****.**' looks masked by the
        # page's e-mail obfuscation; restore the real VALID_CONTENT key from
        # the test data before running this test.
        authorized_keys2 = self.tmp_path('authorized_keys2', dir=suzie_ssh_dir)
        util.write_file(authorized_keys2, VALID_CONTENT['*****@*****.**'])

        # global file etc/ssh/authorized_keys2 (created under /tmp) = ecdsa
        authorized_keys_global = self.tmp_path(
            'etc/ssh/authorized_keys2', dir="/tmp")
        util.write_file(authorized_keys_global, VALID_CONTENT['ecdsa'])

        # sshd_config: global file, per-user %h pattern, bobby's user_keys3
        sshd_config = self.tmp_path('sshd_config', dir="/tmp")
        config_line = (
            "AuthorizedKeysFile %s %%h/.ssh/authorized_keys2 %s" %
            (authorized_keys_global, user_keys))
        util.write_file(sshd_config, config_line)

        # first user: bobby
        auth_key_fn, auth_key_entries = ssh_util.extract_authorized_keys(
            bobby.pw_name, sshd_config)
        content = ssh_util.update_authorized_keys(auth_key_entries, [])

        self.assertEqual(user_keys, auth_key_fn)
        for key_type in ('rsa', 'ecdsa', 'dsa'):
            self.assertIn(VALID_CONTENT[key_type], content)
        # suzie's own key must not show up in bobby's content
        self.assertNotIn(VALID_CONTENT['*****@*****.**'], content)

        # second user: suzie (the mocked passwd lookup now returns her entry)
        m_getpwnam.return_value = suzie
        auth_key_fn, auth_key_entries = ssh_util.extract_authorized_keys(
            suzie.pw_name, sshd_config)
        content = ssh_util.update_authorized_keys(auth_key_entries, [])

        self.assertEqual(authorized_keys2, auth_key_fn)
        for key_type in ('*****@*****.**', 'ecdsa', 'dsa'):
            self.assertIn(VALID_CONTENT[key_type], content)
        # bobby's %h-resolved rsa key must not show up in suzie's content
        self.assertNotIn(VALID_CONTENT['rsa'], content)
示例#2
    def test_multiple_authorizedkeys_file_local_global2(self, m_getpwnam):
        """Check key merging for one global and two user-local key files.

        The sshd_config lists the global file first and then two files in
        bobby's ``.ssh`` directory. The test asserts that the file name
        returned by ``extract_authorized_keys`` is the last-listed user
        file (``user_keys3``), not the global one, and that the merged
        content holds the keys of all three files.
        """
        bobby = FakePwEnt(pw_name='bobby', pw_dir='/tmp/home2/bobby')
        m_getpwnam.return_value = bobby
        ssh_dir = "%s/.ssh" % bobby.pw_dir

        # bobby: .ssh/authorized_keys2 holds the rsa key
        local_auth_keys = self.tmp_path('authorized_keys2', dir=ssh_dir)
        util.write_file(local_auth_keys, VALID_CONTENT['rsa'])

        # bobby: .ssh/user_keys3 holds the dsa key
        user_keys = self.tmp_path('user_keys3', dir=ssh_dir)
        util.write_file(user_keys, VALID_CONTENT['dsa'])

        # global file etc/ssh/authorized_keys (created under /tmp) = ecdsa
        global_auth_keys = self.tmp_path('etc/ssh/authorized_keys', dir="/tmp")
        util.write_file(global_auth_keys, VALID_CONTENT['ecdsa'])

        # sshd_config listing the global file first, then both user files
        sshd_config = self.tmp_path('sshd_config', dir="/tmp")
        config_line = ("AuthorizedKeysFile %s %s %s" %
                       (global_auth_keys, local_auth_keys, user_keys))
        util.write_file(sshd_config, config_line)

        auth_key_fn, auth_key_entries = ssh_util.extract_authorized_keys(
            bobby.pw_name, sshd_config)
        content = ssh_util.update_authorized_keys(auth_key_entries, [])

        self.assertEqual(user_keys, auth_key_fn)
        for key_type in ('rsa', 'ecdsa', 'dsa'):
            self.assertIn(VALID_CONTENT[key_type], content)
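def handle(name, cfg, cloud, log, _args):
    """Report the authorized-key fingerprints of every configured user.

    Args:
        name: module name, used only in the debug message.
        cfg: configuration mapping; ``no_ssh_fingerprints`` disables the
            module and ``authkey_hash`` selects the digest.
        cloud: object whose ``distro`` attribute is passed to the user
            normalisation helper.
        log: logger-like object providing ``debug``.
        _args: unused.
    """
    # NOTE(review): only the presence of the key is checked, so
    # ``no_ssh_fingerprints: false`` also disables the module; confirm that
    # this is intended.
    if 'no_ssh_fingerprints' in cfg:
        log.debug(("Skipping module named %s, "
                   "logging of ssh fingerprints disabled"), name)
        # Fix: without this return the opt-out was logged but ignored and
        # the fingerprints were still processed.
        return

    # NOTE(review): MD5 is the fallback digest. It is collision-prone, so a
    # fingerprint compared by an operator gives weak assurance; set
    # ``authkey_hash`` to a SHA-2 digest such as "sha256" where possible.
    # The default is left unchanged because it alters the reported output.
    hash_meth = util.get_cfg_option_str(cfg, "authkey_hash", "md5")
    (users, _groups) = ds.normalize_users_groups(cfg, cloud.distro)
    for (user_name, _cfg) in users.items():
        (key_fn, key_entries) = ssh_util.extract_authorized_keys(user_name)
        _pprint_key_entries(user_name, key_fn, key_entries, hash_meth)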
示例#4
def handle(name, cfg, cloud, log, _args):
    """Report the authorized-key fingerprints of every configured user.

    Returns early when ``no_ssh_fingerprints`` is set to a true value in
    ``cfg``. Otherwise the digest named by ``authkey_hash`` (default
    "sha256") is passed, together with each user's key file name and key
    entries, to ``_pprint_key_entries``.
    """
    fingerprints_disabled = util.is_true(cfg.get('no_ssh_fingerprints', False))
    if fingerprints_disabled:
        log.debug(("Skipping module named %s, "
                   "logging of SSH fingerprints disabled"), name)
        return

    digest_name = util.get_cfg_option_str(cfg, "authkey_hash", "sha256")
    users, _groups = ug_util.normalize_users_groups(cfg, cloud.distro)
    for user_name, _user_cfg in users.items():
        # Resolve the user's authorized-keys file and its parsed entries.
        key_fn, key_entries = ssh_util.extract_authorized_keys(user_name)
        _pprint_key_entries(user_name, key_fn, key_entries, digest_name)
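def handle(name, cfg, cloud, log, _args):
    """Report the authorized-key fingerprints of every configured user.

    Args:
        name: module name, used only in the debug message.
        cfg: configuration mapping; ``no_ssh_fingerprints`` disables the
            module and ``authkey_hash`` selects the digest.
        cloud: object whose ``distro`` attribute is passed to the user
            normalisation helper.
        log: logger-like object providing ``debug``.
        _args: unused.
    """
    # NOTE(review): this is a presence check, so any value for the key,
    # including a false one, disables the module; confirm this is intended.
    if 'no_ssh_fingerprints' in cfg:
        log.debug(("Skipping module named %s, "
                   "logging of ssh fingerprints disabled"), name)
        # Fix: stop here. Previously the "Skipping" message was logged but
        # the fingerprints were still processed.
        return

    # NOTE(review): the fallback digest is MD5, which is collision-prone and
    # gives weak assurance when fingerprints are compared by hand; prefer
    # setting ``authkey_hash`` to a SHA-2 digest. The default is kept so the
    # reported output does not change.
    hash_meth = util.get_cfg_option_str(cfg, "authkey_hash", "md5")
    (users, _groups) = ds.normalize_users_groups(cfg, cloud.distro)
    for (user_name, _cfg) in users.items():
        (key_fn, key_entries) = ssh_util.extract_authorized_keys(user_name)
        _pprint_key_entries(user_name, key_fn,
                            key_entries, hash_meth)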
示例#6
    def execute_and_check(
        self, user, sshd_config, solution, keys, delete_keys=True
    ):
        """Resolve *user*'s authorized keys and assert on the result.

        Calls ``extract_authorized_keys`` for *user* with *sshd_config*,
        merges the entries with an empty key list and checks the returned
        file name and merged content.
        """
        # NOTE(review): ``fpw`` is not defined inside this method, and
        # ``solution``, ``keys`` and ``delete_keys`` are never used. The
        # body looks spliced from another test; confirm against the
        # original file before relying on these assertions.
        resolved = ssh_util.extract_authorized_keys(user, sshd_config)
        auth_key_fn, auth_key_entries = resolved
        content = ssh_util.update_authorized_keys(auth_key_entries, [])

        expected_fn = "%s/.ssh/authorized_keys" % fpw.pw_dir
        self.assertEqual(expected_fn, auth_key_fn)
        self.assertIn(VALID_CONTENT['rsa'], content)
        self.assertNotIn(VALID_CONTENT['dsa'], content)
示例#7
    def test_multiple_authorizedkeys_file_global(self, m_getpwnam):
        """Check resolution when sshd_config names only a global key file.

        The test asserts that the file name returned for the user is
        ``<home>/.ssh/authorized_keys`` rather than the global file, while
        the key stored in the global file still appears in the merged
        content.
        """
        bobby = FakePwEnt(pw_name='bobby', pw_dir='/tmp/home2/bobby')
        m_getpwnam.return_value = bobby

        # global file etc/ssh/authorized_keys (created under /tmp) = rsa
        global_auth_keys = self.tmp_path('etc/ssh/authorized_keys', dir="/tmp")
        util.write_file(global_auth_keys, VALID_CONTENT['rsa'])

        # sshd_config whose AuthorizedKeysFile lists the global file only
        sshd_config = self.tmp_path('sshd_config')
        config_line = "AuthorizedKeysFile %s" % (global_auth_keys)
        util.write_file(sshd_config, config_line)

        auth_key_fn, auth_key_entries = ssh_util.extract_authorized_keys(
            bobby.pw_name, sshd_config)
        content = ssh_util.update_authorized_keys(auth_key_entries, [])

        # The per-user default path is expected, not the shared global file.
        expected_fn = "%s/.ssh/authorized_keys" % bobby.pw_dir
        self.assertEqual(expected_fn, auth_key_fn)
        self.assertIn(VALID_CONTENT['rsa'], content)
示例#8
    def test_multiple_authorizedkeys_file_order2(self, m_getpwnam):
        """Check resolution for two listed key files, ``user_keys`` first.

        The sshd_config lists ``user_keys`` before ``authorized_keys``. The
        test asserts that ``user_keys`` is the file name returned and that
        the merged content holds the keys from both files.
        """
        suzie = FakePwEnt(pw_name='suzie', pw_dir='/home/suzie')
        m_getpwnam.return_value = suzie

        # authorized_keys = rsa
        authorized_keys = self.tmp_path('authorized_keys')
        util.write_file(authorized_keys, VALID_CONTENT['rsa'])

        # user_keys = dsa
        user_keys = self.tmp_path('user_keys')
        util.write_file(user_keys, VALID_CONTENT['dsa'])

        # sshd_config with user_keys listed ahead of authorized_keys
        sshd_config = self.tmp_path('sshd_config')
        config_line = "AuthorizedKeysFile %s %s" % (user_keys, authorized_keys)
        util.write_file(sshd_config, config_line)

        auth_key_fn, auth_key_entries = ssh_util.extract_authorized_keys(
            suzie.pw_name, sshd_config)
        content = ssh_util.update_authorized_keys(auth_key_entries, [])

        self.assertEqual(user_keys, auth_key_fn)
        for key_type in ('rsa', 'dsa'):
            self.assertIn(VALID_CONTENT[key_type], content)