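def readKeys(keydir):
    """
    Read SSH public keys from ``keydir/*.pub``.

    Generator yielding one ``(basename, key)`` tuple per usable key line,
    where ``basename`` is the file name without ``.pub`` and ``key`` is the
    object returned by ``sshkey.get_ssh_pubkey``.

    Skipped: dot-files, files without a ``.pub`` extension, files whose
    basename fails ``sshkey.isSafeUsername`` (logged), lines starting with
    ``#``, blank lines, and lines that raise ``sshkey.MalformedSSHKey``
    (logged, and the rest of the file is still read).
    """
    for filename in os.listdir(keydir):
        if filename.startswith('.'):
            continue
        basename, ext = os.path.splitext(filename)
        if ext != '.pub':
            continue

        # The basename is handed to the caller as the key owner's name, so a
        # file with an unsafe name is rejected as a whole rather than cleaned.
        if not sshkey.isSafeUsername(basename):
            log.warn('Unsafe SSH username in keyfile: %r', filename)
            continue

        path = os.path.join(keydir, filename)
        # ``with`` closes the file even when the consumer abandons the
        # generator early or an unexpected exception escapes the loop; the
        # previous explicit close() only ran after a complete read.
        with open(path) as fp:
            for line in fp:
                line = line.rstrip('\n')
                # Comment detection happens before strip(), so only lines with
                # '#' in the first column are treated as comments.
                if line.startswith('#'):
                    continue
                line = line.strip()
                if line:
                    try:
                        yield (basename, sshkey.get_ssh_pubkey(line))
                    except sshkey.MalformedSSHKey as e:
                        # One bad line must not hide the other keys in the file.
                        log.warn('Malformed SSH key in %r: %r', filename, e)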
def test_sshkey_username_caps():
    """Check the username parsed from a key comment (capitals case, per the test name)."""
    # NOTE(review): the address in the key comment and the expected value look
    # like e-mail redaction placeholders left by page extraction rather than
    # the original fixture; restore the real values before relying on this.
    line = (
        'ssh-rsa '
        '0123456789ABCDEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
        'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
        'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
        'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= [email protected]'
    )
    parsed = sshkey.get_ssh_pubkey(line)
    eq(parsed.username, '*****@*****.**')
def test_sshkey_username_no_at():
    """A key comment without an ``@`` is returned unchanged as the username."""
    line = (
        'ssh-rsa '
        '0123456789ABCDEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
        'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
        'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
        'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= fakeuser'
    )
    parsed = sshkey.get_ssh_pubkey(line)
    eq(parsed.username, 'fakeuser')
def test_sshkey_username_dash():
    """Check the username parsed from a key comment (dash case, per the test name)."""
    # NOTE(review): the address in the key comment and the expected value look
    # like e-mail redaction placeholders left by page extraction rather than
    # the original fixture; restore the real values before relying on this.
    line = (
        'ssh-rsa '
        '0123456789ABCDEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
        'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
        'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
        'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= [email protected]'
    )
    parsed = sshkey.get_ssh_pubkey(line)
    eq(parsed.username, '*****@*****.**')
def test_sshkey_username_simple():
    """A plain ``user@host`` key comment is returned unchanged as the username."""
    line = (
        'ssh-rsa '
        '0123456789ABCDEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
        'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
        'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
        'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= fakeuser@fakehost'
    )
    parsed = sshkey.get_ssh_pubkey(line)
    eq(parsed.username, 'fakeuser@fakehost')
def test_sshkey_username_domain():
    """Check the username parsed from a key comment (domain case, per the test name)."""
    # NOTE(review): the address in the key comment and the expected value look
    # like e-mail redaction placeholders left by page extraction rather than
    # the original fixture; restore the real values before relying on this.
    line = (
        'ssh-rsa '
        '0123456789ABCDEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
        'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
        'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
        'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= [email protected]'
    )
    parsed = sshkey.get_ssh_pubkey(line)
    eq(parsed.username, '*****@*****.**')
def test_sshkey_username_domain_dashes():
    """Check the username parsed from a key comment (dashed-domain case, per the test name)."""
    # NOTE(review): the key comment and the expected value look like e-mail
    # redaction placeholders left by page extraction rather than the original
    # fixture; restore the real values before relying on this.
    line = (
        'ssh-rsa '
        '0123456789ABCDEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
        'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
        'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
        'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= '
        '*****@*****.**'
    )
    parsed = sshkey.get_ssh_pubkey(line)
    eq(parsed.username, '*****@*****.**')
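def test_sshkey_username_bad():
    """A key comment with disallowed characters raises InsecureSSHKeyUsername.

    The exception message is checked and the exception is then re-raised, so
    the test only passes if something outside this body expects it
    (presumably a raises-style decorator not visible here -- confirm).
    """
    # The '#' and characters after it are part of an actual comment in the file
    # and are ignored.
    try:
        key = sshkey.get_ssh_pubkey(
            'ssh-rsa AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
            +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
            +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
            +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= ER3%#@e%')
        # The attribute access stays inside the try block in case the username
        # check runs on access rather than at parse time.
        got = key.username
    # ``as`` form matches readKeys and is valid on Python 2.6+ and 3; the
    # comma form is Python 2 only.
    except sshkey.InsecureSSHKeyUsername as e:
        eq(str(e), "Username contains not allowed characters: 'ER3%'")
        raise e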
def filterAuthorizedKeys(fp):
    """
    Yield the lines of ``fp`` that were not autogenerated.

    Each line has trailing newlines removed.  Dropped are the ``COMMENT``
    marker line and any line that parses as an SSH key whose ``command``
    option matches ``_COMMAND_RE``.

    Lines that do not parse (``sshkey.MalformedSSHKey``) are passed through
    unchanged, so whatever else is in the input is preserved as-is rather
    than validated.
    """
    for raw in fp:
        entry = raw.rstrip('\n')
        if entry == COMMENT:
            continue

        autogenerated = False
        try:
            opts = sshkey.get_ssh_pubkey(entry).options
            if 'command' in opts:
                autogenerated = bool(_COMMAND_RE.match(opts['command']))
        except sshkey.MalformedSSHKey:
            # Not a parseable key line: keep it verbatim.
            pass

        if not autogenerated:
            yield entry
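def handle_args(self, parser, cfg, options, args): #pragma: no cover
    """Initialise the installation from the admin's SSH public key.

    Reads the key named by ``options.adminkey``, determines the admin user
    (``options.adminname`` if given, otherwise the username parsed from the
    key), creates the generated-files and repository directories, sets up
    ``gitosis-admin.git``, runs the post-update hook and symlinks
    ``~/.gitosis.conf``.

    Exits with status 1 when no admin username can be determined.
    """
    super(Main, self).handle_args(parser, cfg, options, args)

    # Files created below are owner-writable only; group/other keep read
    # access.  ``0o`` literals are valid on Python 2.6+ and 3.
    os.umask(0o022)

    log.info('Reading SSH public key...')
    pubkey = read_ssh_pubkey(options.adminkey)
    if options.adminname is None:
        user = sshkey.get_ssh_pubkey(pubkey).username
    else:
        # NOTE(review): a name given explicitly is not passed through
        # sshkey.get_ssh_pubkey's username handling, while readKeys skips key
        # files whose basename fails sshkey.isSafeUsername.  Consider
        # validating here so a bad name fails at init time -- confirm how
        # init_admin_repository uses ``user``.
        user = options.adminname

    # The missing-name check has to run before strip(): previously strip()
    # was called first, so a None username raised AttributeError and the
    # error branch below could never be reached.  A blank name is rejected
    # as well.
    if user is not None:
        user = user.strip()
    if not user:
        log.error('Cannot parse user from SSH public key.')
        sys.exit(1)
    log.info('Admin user is %r', user)

    log.info('Creating generated files directory...')
    generated = cfg.generated_files_dir
    util.mkdir(generated)

    log.info('Creating repository structure...')
    repositories = cfg.repository_dir
    util.mkdir(repositories)
    admin_repository = os.path.join(repositories, 'gitosis-admin.git')
    init_admin_repository(
        git_dir=admin_repository,
        pubkey=pubkey,
        user=user,
        config=cfg,
        )

    log.info('Running post-update hook...')
    # ~/.ssh is created owner-only, independent of the umask set above.
    util.mkdir(os.path.expanduser('~/.ssh'), 0o700)
    run_hook.post_update(cfg=cfg, git_dir=admin_repository)

    log.info('Symlinking ~/.gitosis.conf to repository...')
    symlink_config(git_dir=admin_repository)

    log.info('Done.')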
def k():
    """Yield two ``(username, parsed key)`` fixture pairs in a fixed order."""
    for owner, material in (('jdoe', KEY_1), ('wsmith', KEY_2)):
        yield (owner, sshkey.get_ssh_pubkey(material))