Diffstat (limited to 'cloudinit/config/cc_ssh.py')
-rw-r--r-- | cloudinit/config/cc_ssh.py | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/cloudinit/config/cc_ssh.py b/cloudinit/config/cc_ssh.py
index c9e59d16..1ec889f3 100644
--- a/cloudinit/config/cc_ssh.py
+++ b/cloudinit/config/cc_ssh.py
@@ -187,8 +187,8 @@ for k in GENERATE_KEY_NAMES:
 CONFIG_KEY_TO_FILE.update(
 {
 f"{k}_private": (KEY_FILE_TPL % k, 0o600),
- f"{k}_public": (f"{KEY_FILE_TPL % k}.pub", 0o600),
- f"{k}_certificate": (f"{KEY_FILE_TPL % k}-cert.pub", 0o600),
+ f"{k}_public": (f"{KEY_FILE_TPL % k}.pub", 0o644),
+ f"{k}_certificate": (f"{KEY_FILE_TPL % k}-cert.pub", 0o644),
 }
 )
 PRIV_TO_PUB[f"{k}_private"] = f"{k}_public"
@@ -211,6 +211,7 @@ def handle(
 if "ssh_keys" in cfg:
 # if there are keys and/or certificates in cloud-config, use them
+ cert_config = []
 for (key, val) in cfg["ssh_keys"].items():
 if key not in CONFIG_KEY_TO_FILE:
 if pattern_unsupported_config_keys.match(key):
@@ -224,8 +225,10 @@ def handle(
 util.write_file(tgt_fn, val, tgt_perms)
 # set server to present the most recently identified certificate
 if "_certificate" in key:
- cert_config = {"HostCertificate": tgt_fn}
- ssh_util.update_ssh_config(cert_config)
+ cert_config.append(("HostCertificate", str(tgt_fn)))
+
+ if cert_config:
+ ssh_util.append_ssh_config(cert_config)
 for private_type, public_type in PRIV_TO_PUB.items():
 if ( |
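Review bot: The mode literals in the `CONFIG_KEY_TO_FILE.update` entries now differ by key type with no stated reason, so a later edit could tighten or loosen the wrong one without anyone noticing. A comment above the dict such as `# private keys stay owner-only (0o600); public keys and certificates are not secret and are world-readable (0o644)` would record the intent. A unit test asserting the mode handed to `util.write_file` for a `_private`, a `_public` and a `_certificate` key would pin it, in particular that the private entry never follows the other two to 0o644.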
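Review bot: The retained comment `# set server to present the most recently identified certificate` no longer matches the new code, which collects every certificate from `cfg["ssh_keys"]` and passes them all to `ssh_util.append_ssh_config` after the loop. It could read `# collect each host certificate; all are written to sshd_config once the loop ends`. Separately, the switch from `update_ssh_config` to `append_ssh_config` looks like it changes replace semantics to append semantics; if so, a second run of `handle` against the same sshd_config may leave duplicate or stale `HostCertificate` lines, so it is worth confirming how `append_ssh_config` treats entries that already exist. `handle` starts and ends outside this hunk.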