|
 |
f72280 |
From b84a1e6d246bbb758f0530038612bd18eff71767 Mon Sep 17 00:00:00 2001
|
|
|
f72280 |
From: Eduardo Otubo <otubo@redhat.com>
|
|
|
f72280 |
Date: Tue, 8 Dec 2020 13:27:22 +0100
|
|
|
f72280 |
Subject: [PATCH 4/4] ssh_util: handle non-default AuthorizedKeysFile config
|
|
|
f72280 |
(#586)
|
|
|
f72280 |
|
|
|
f72280 |
RH-Author: Eduardo Terrell Ferrari Otubo (eterrell)
|
|
|
f72280 |
RH-MergeRequest: 28: ssh_util: handle non-default AuthorizedKeysFile config (#586)
|
|
|
f72280 |
RH-Commit: [1/1] f7ce396e3002c53a3504e653b58810efb956aa26 (eterrell/cloud-init)
|
|
|
f72280 |
RH-Bugzilla: 1862967
|
|
|
f72280 |
|
|
|
f72280 |
commit b0e73814db4027dba0b7dc0282e295b7f653325c
|
|
|
f72280 |
Author: Eduardo Otubo <otubo@redhat.com>
|
|
|
f72280 |
Date: Tue Oct 20 18:04:59 2020 +0200
|
|
|
f72280 |
|
|
|
f72280 |
ssh_util: handle non-default AuthorizedKeysFile config (#586)
|
|
|
f72280 |
|
|
|
f72280 |
The following commit merged all ssh keys into a default user file
|
|
|
f72280 |
`~/.ssh/authorized_keys` in sshd_config had multiple files configured for
|
|
|
f72280 |
AuthorizedKeysFile:
|
|
|
f72280 |
|
|
|
f72280 |
commit f1094b1a539044c0193165a41501480de0f8df14
|
|
|
f72280 |
Author: Eduardo Otubo <otubo@redhat.com>
|
|
|
f72280 |
Date: Thu Dec 5 17:37:35 2019 +0100
|
|
|
f72280 |
|
|
|
f72280 |
Multiple file fix for AuthorizedKeysFile config (#60)
|
|
|
f72280 |
|
|
|
f72280 |
This commit ignored the case when sshd_config would have a single file for
|
|
|
f72280 |
AuthorizedKeysFile, but a non default configuration, for example
|
|
|
f72280 |
`~/.ssh/authorized_keys_foobar`. In this case cloud-init would grab all keys
|
|
|
f72280 |
from this file and write a new one, the default `~/.ssh/authorized_keys`
|
|
|
f72280 |
causing the bug.
|
|
|
f72280 |
|
|
|
f72280 |
rhbz: #1862967
|
|
|
f72280 |
|
|
|
f72280 |
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
|
|
|
f72280 |
|
|
|
f72280 |
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
|
|
|
f72280 |
---
|
|
|
f72280 |
cloudinit/ssh_util.py | 6 +++---
|
|
|
f72280 |
tests/unittests/test_sshutil.py | 6 +++---
|
|
|
f72280 |
2 files changed, 6 insertions(+), 6 deletions(-)
|
|
|
f72280 |
|
|
|
f72280 |
diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py
|
|
|
f72280 |
index c08042d6..d5113996 100644
|
|
|
f72280 |
--- a/cloudinit/ssh_util.py
|
|
|
f72280 |
+++ b/cloudinit/ssh_util.py
|
|
|
f72280 |
@@ -262,13 +262,13 @@ def extract_authorized_keys(username, sshd_cfg_file=DEF_SSHD_CFG):
|
|
|
f72280 |
|
|
|
f72280 |
except (IOError, OSError):
|
|
|
f72280 |
# Give up and use a default key filename
|
|
|
f72280 |
- auth_key_fns[0] = default_authorizedkeys_file
|
|
|
f72280 |
+ auth_key_fns.append(default_authorizedkeys_file)
|
|
|
f72280 |
util.logexc(LOG, "Failed extracting 'AuthorizedKeysFile' in SSH "
|
|
|
f72280 |
"config from %r, using 'AuthorizedKeysFile' file "
|
|
|
f72280 |
"%r instead", DEF_SSHD_CFG, auth_key_fns[0])
|
|
|
f72280 |
|
|
|
f72280 |
- # always store all the keys in the user's private file
|
|
|
f72280 |
- return (default_authorizedkeys_file, parse_authorized_keys(auth_key_fns))
|
|
|
f72280 |
+ # always store all the keys in the first file configured on sshd_config
|
|
|
f72280 |
+ return (auth_key_fns[0], parse_authorized_keys(auth_key_fns))
|
|
|
f72280 |
|
|
|
f72280 |
|
|
|
f72280 |
def setup_user_keys(keys, username, options=None):
|
|
|
f72280 |
diff --git a/tests/unittests/test_sshutil.py b/tests/unittests/test_sshutil.py
|
|
|
f72280 |
index fd1d1bac..88a111e3 100644
|
|
|
f72280 |
--- a/tests/unittests/test_sshutil.py
|
|
|
f72280 |
+++ b/tests/unittests/test_sshutil.py
|
|
|
f72280 |
@@ -593,7 +593,7 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase):
|
|
|
f72280 |
fpw.pw_name, sshd_config)
|
|
|
f72280 |
content = ssh_util.update_authorized_keys(auth_key_entries, [])
|
|
|
f72280 |
|
|
|
f72280 |
- self.assertEqual("%s/.ssh/authorized_keys" % fpw.pw_dir, auth_key_fn)
|
|
|
f72280 |
+ self.assertEqual(authorized_keys, auth_key_fn)
|
|
|
f72280 |
self.assertTrue(VALID_CONTENT['rsa'] in content)
|
|
|
f72280 |
self.assertTrue(VALID_CONTENT['dsa'] in content)
|
|
|
f72280 |
|
|
|
f72280 |
@@ -610,7 +610,7 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase):
|
|
|
f72280 |
sshd_config = self.tmp_path('sshd_config')
|
|
|
f72280 |
util.write_file(
|
|
|
f72280 |
sshd_config,
|
|
|
f72280 |
- "AuthorizedKeysFile %s %s" % (authorized_keys, user_keys)
|
|
|
f72280 |
+ "AuthorizedKeysFile %s %s" % (user_keys, authorized_keys)
|
|
|
f72280 |
)
|
|
|
f72280 |
|
|
|
f72280 |
(auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(
|
|
|
f72280 |
@@ -618,7 +618,7 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase):
|
|
|
f72280 |
)
|
|
|
f72280 |
content = ssh_util.update_authorized_keys(auth_key_entries, [])
|
|
|
f72280 |
|
|
|
f72280 |
- self.assertEqual("%s/.ssh/authorized_keys" % fpw.pw_dir, auth_key_fn)
|
|
|
f72280 |
+ self.assertEqual(user_keys, auth_key_fn)
|
|
|
f72280 |
self.assertTrue(VALID_CONTENT['rsa'] in content)
|
|
|
f72280 |
self.assertTrue(VALID_CONTENT['dsa'] in content)
|
|
|
f72280 |
|
|
|
f72280 |
--
|
|
|
f72280 |
2.18.4
|
|
|
f72280 |
|