summaryrefslogtreecommitdiff
path: root/cloudinit/ssh_util.py
Commit message (Collapse)AuthorAgeFilesLines
* Fix private key permissions when openssh not earlier than 9.0 #2072sxt10012023-04-021-1/+47
| | | | | | | | Cloud-init's host key generation mimics that of sshd-keygen. It used to generate 640 permissions, but going forward it should be 600. Check sshd version to set the permissions appropriately. LP: #2011291
* cc_ssh: support multiple hostcertificates (#2018)Alberto Contreras2023-02-161-8/+27
| | | LP: #1999164
* Refactor: Drop inheritance from object (#1728)Alberto Contreras2022-09-141-3/+3
| | | As we do not support python2 anymore, we can remove those 8 chars.
* ssh_util: Handle sshd_config.d folderAlberto Contreras2022-08-051-0/+17
| | | | | | Write sshd config to /etc/ssh/sshd_config.d/50-cloud-init.conf if the sshd_config sources sshd_config.d LP: #1968873
* Adopt Black and isort (SC-700) (#1157)James Falcon2021-12-151-63/+109
| | | | | Applied Black and isort, fixed any linting issues, updated tox.ini and CI.
* ssh_utils.py: ignore when sshd_config options are not key/value pairs (#1007)Emanuele Giuseppe Esposito2021-09-071-1/+7
| | | | | | | | | | | | | | | | | As specified in #LP 1845552, In cloudinit/ssh_util.py, in parse_ssh_config_lines(), we attempt to parse each line of sshd_config. This function expects each line to be one of the following forms: \# comment key value key=value However, options like DenyGroups and DenyUsers are specified to *optionally* accepts values in sshd_config. Cloud-init should comply to this and skip the option if a value is not provided. Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
* Fix home permissions modified by ssh module (SC-338) (#984)James Falcon2021-08-201-5/+30
| | | | | | | | | | Fix home permissions modified by ssh module In #956, we updated the file and directory permissions for keys not in the user's home directory. We also unintentionally modified the permissions within the home directory as well. These should not change, and this commit changes that back. LP: #1940233
* Stop copying ssh system keys and check folder permissions (#956)Emanuele Giuseppe Esposito2021-08-091-13/+120
| | | | | | | | | | | | | | | | | | | | | | | | | | | | In /etc/ssh/sshd_config, it is possible to define a custom authorized_keys file that will contain the keys allowed to access the machine via the AuthorizedKeysFile option. Cloudinit is able to add user-specific keys to the existing ones, but we need to be careful on which of the authorized_keys files listed to pick. Chosing a file that is shared by all user will cause security issues, because the owner of that key can then access also other users. We therefore pick an authorized_keys file only if it satisfies the following conditions: 1. it is not a "global" file, ie it must be defined in AuthorizedKeysFile with %u, %h or be in /home/<user>. This avoids security issues. 2. it must comply with ssh permission requirements, otherwise the ssh agent won't use that file. If it doesn't meet either of those conditions, write to ~/.ssh/authorized_keys We also need to consider the case when the chosen authorized_keys file does not exist. In this case, the existing behavior of cloud-init is to create the new file. We therefore need to be sure that the file complies with ssh permissions too, by setting: - the actual file to permission 600, and owned by the user - the directories in the path that do not exist must be root owned and with permission 755.
* ssh-util: allow cloudinit to merge all ssh keys into a custom user file, ↵Emanuele Giuseppe Esposito2021-07-121-3/+19
| | | | | | | | | | | | | | | | | | | | | | | | defined in AuthorizedKeysFile (#937) This patch aims to fix LP1911680, by analyzing the files provided in sshd_config and merge all keys into an user-specific file. Also introduces additional tests to cover this specific case. The file is picked by analyzing the path given in AuthorizedKeysFile. If it points inside the current user folder (path is /home/user/*), it means it is an user-specific file, so we can copy all user-keys there. If it contains a %u or %h, it means that there will be a specific authorized_keys file for each user, so we can copy all user-keys there. If no path points to an user-specific file, for example when only /etc/ssh/authorized_keys is given, default to ~/.ssh/authorized_keys. Note that if there are more than a single user-specific file, the last one will be picked. Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com> Co-authored-by: James Falcon <therealfalcon@gmail.com> LP: #1911680 RHBZ:1862967
* Revert "ssh_util: handle non-default AuthorizedKeysFile config (#586)" (#775)Daniel Watkins2021-01-191-3/+3
| | | This reverts commit b0e73814db4027dba0b7dc0282e295b7f653325c.
* ssh_util: handle non-default AuthorizedKeysFile config (#586)Eduardo Otubo2020-10-201-3/+3
| | | | | | | | | | | | | | | | | | | | | The following commit merged all ssh keys into a default user file `~/.ssh/authorized_keys` in sshd_config had multiple files configured for AuthorizedKeysFile: commit f1094b1a539044c0193165a41501480de0f8df14 Author: Eduardo Otubo <otubo@redhat.com> Date: Thu Dec 5 17:37:35 2019 +0100 Multiple file fix for AuthorizedKeysFile config (#60) This commit ignored the case when sshd_config would have a single file for AuthorizedKeysFile, but a non default configuration, for example `~/.ssh/authorized_keys_foobar`. In this case cloud-init would grab all keys from this file and write a new one, the default `~/.ssh/authorized_keys` causing the bug. rhbz: #1862967 Signed-off-by: Eduardo Otubo <otubo@redhat.com>
* Update the list of valid ssh keys. (#487)Ole-Martin Bratteng2020-08-211-12/+28
| | | | | | | | | | | | | Update ssh_util.py with latest list of keys (from openssh-8.3p1/sshkey.c), Added keys: sk-ecdsa-sha2-nistp256-cert-v01@openssh.com sk-ecdsa-sha2-nistp256@openssh.com sk-ssh-ed25519-cert-v01@openssh.com sk-ssh-ed25519@openssh.com ssh-xmss-cert-v01@openssh.com ssh-xmss@openssh.com LP: #1877869
* ssh exit with non-zero status on disabled user (#472)Eduardo Otubo2020-07-151-1/+3
| | | | | | | | | | | | | | It is confusing for scripts, where a disabled user has been specified, that ssh exits with a zero status by default without indication anything failed. I think exitting with a non-zero status would make more clear in scripts and automated setups where things failed, thus making noticing the issue and debugging easier. Signed-off-by: Eduardo Otubo <otubo@redhat.com> Signed-off-by: Aleksandar Kostadinov <akostadi@redhat.com> LP: #1170059
* util: rename write_file's copy_mode parameter to preserve_mode (#439)Daniel Watkins2020-06-171-1/+1
| | | | | When updating the docstring to include it, I realised that the current name is somewhat misleading; this makes it a little easier to understand, I think.
* test: fix all flake8 E741 errors (#401)Joshua Powers2020-06-011-1/+3
| | | | This removes the use of variables named ‘l’, ‘O’, or ‘I’. Generally these are used in list comprehension to read the line of lines.
* cloud-init: fix capitalisation of SSH (#126)Daniel Watkins2019-12-181-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | * cc_ssh: fix capitalisation of SSH * doc: fix capitalisation of SSH * cc_keys_to_console: fix capitalisation of SSH * ssh_util: fix capitalisation of SSH * DataSourceIBMCloud: fix capitalisation of SSH * DataSourceAzure: fix capitalisation of SSH * cs_utils: fix capitalisation of SSH * distros/__init__: fix capitalisation of SSH * cc_set_passwords: fix capitalisation of SSH * cc_ssh_import_id: fix capitalisation of SSH * cc_users_groups: fix capitalisation of SSH * cc_ssh_authkey_fingerprints: fix capitalisation of SSH
* Multiple file fix for AuthorizedKeysFile config (#60)Eduardo Otubo2019-12-051-29/+43
| | | | | | | | | | | | | Currently cloud-init does not know how to handle multiple file configuration on section AuthorizedKeysFile of ssh configuration. cloud-init will mess up the home user directory by creating bogus folders inside it. This patch provides a fix for this erroneous behavior. It gathers all keys from all the files listed on the section AuthorizedKeysFile of ssh configuration and merge all of them inside home user ~/.ssh/authorized_keys of the vm deployed. Signed-off-by: Eduardo Otubo <otubo@redhat.com>
* config: disable ssh access to a configured user accountChad Smith2018-09-081-0/+6
| | | | | | | | | | | | | Cloud config can now disable ssh access to non-root users. When defining the 'users' list in cloud-configuration a boolean 'ssh_redirect_user: true' can be provided to disable ssh logins for that user. Any ssh 'public-keys' defined in cloud meta-data will be added and disabled in .ssh/authorized_keys. Any attempts to ssh as this user using acceptable ssh keys will be presented with a message like the following: Please login as the user "ubuntu" rather than the user "youruser".
* set_passwords: Add newline to end of sshd config, only restart if updated.Scott Moser2018-04-201-7/+63
| | | | | | | | | | | | | | | | | | | | This admittedly does a fairly extensive re-factor to simply add a newline to the end of sshd_config. It makes the ssh_config updating portion of set_passwords more testable and adds tests for that. The new function is in 'update_ssh_config_lines' which allows you to update a config with multiple changes even though only a single one is currently used. We also only restart the ssh daemon now if a change was made to the config file. Before it was always restarted if the user specified a value for ssh_pwauth other than 'unchanged'. Thanks to Lorens Kockum for initial diagnosis and patch. LP: #1677205
* Fix ssh keys validation in ssh_utilTatiana Kholkina2018-02-021-4/+1
| | | | This fixes a bug where invalid keys would sneak into authorized_keys.
* Add 3 ecdsa-sha2-nistp* ssh key types now that they are standardizedLars Kellogg-Stedman2017-01-241-0/+3
| | | | | | | | | | cloud-init adds ssh_authorized_keys to the default user and to root but for root it disables the keys with a prefix command. However, if the public_key key is of type ecdsa-sha2-nistp521, it is not parsed correctly, and the prefix command is not prepended. Resolves: rhbz#1151824 LP: #1658174
* LICENSE: Allow dual licensing GPL-3 or Apache 2.0Jon Grimm2016-12-221-18/+7
| | | | | | | | | | | | | | | | | | This has been a recurring ask and we had initially just made the change to the cloud-init 2.0 codebase. As the current thinking is we'll just continue to enhance the current codebase, its desirable to relicense to match what we'd intended as part of the 2.0 plan here. - put a brief description of license in LICENSE file - put full license versions in LICENSE-GPLv3 and LICENSE-Apache2.0 - simplify the per-file header to reference LICENSE - tox: ignore H102 (Apache License Header check) Add license header to files that ship. Reformat headers, make sure everything has vi: at end of file. Non-shipping files do not need the copyright header, but at the moment tests/ have it.
* pep8: whitespace fixScott Moser2016-12-201-0/+1
|
* Update the list of valid ssh keys.Michael Felt2016-12-201-7/+16
| | | | | | | | | | | | | | | | Update ssh_util.py with latest list of keys (from openssh-7.3p1/sshkeys.c), and remove extinct keys ending with "-v00@openssh.com" Added keys: rsa-sha2-256, rsa-sha2-512, ed25519, ssh-ed25519, ssh-ed25519-cert-v01@openssh.com Removed both of the double entries for the keys: ssh-dss-cert-v00@openssh.com ssh-rsa-cert-v00@openssh.com
* Update pep8 runner and fix pep8 issuesRyan Harper2016-03-031-1/+2
|
* Largely merge lp:~harlowja/cloud-init/py2-3 albeit manually because it seemedBarry Warsaw2015-01-211-3/+3
| | | | | | to be behind trunk. `tox -e py27` passes full test suite. Now to work on replacing mocker.
* Handle = used as config delimiter in SSH config.Daniel Watkins2014-11-121-1/+4
|
* fix and cleanup usage of util.logexcJuerg Haefliger2013-06-191-5/+3
|
* pep8 and pylint fixesScott Moser2013-03-071-6/+4
|
* fix reversed logicScott Moser2013-03-011-2/+2
|
* remove debug codeScott Moser2013-03-011-3/+0
|
* change parser.parse 'default_opts' to 'options'Scott Moser2013-03-011-13/+14
| | | | | | | | | | | | Now, parser.parse specifies options that override any options found, rather than just being default options. There could still potentially be a user for default_options, but since we're not using them anywhere, I've dropped it. The difference is that in setting up the root user, we're now insisting that all keys that go in there have the key_prefix, even if the key content had other options. I think this is actually the commit that fixes LP: #1136343.
* move function to a static list, comment where it came fromScott Moser2013-03-011-12/+9
|
* add some unit tests, fix an issue or twoScott Moser2013-03-011-51/+46
| | | | | | | | | | | * drop the parsing of options into csv, as we were only exploding them back. That can only result in error. Just do minimal parsing. * change the parsing of key lines to: if entry is valid: * use it else try taking off options: if good, use it else fail
* Helpful cleanups.harlowja2012-10-271-15/+11
| | | | | | | | | | | | | | | | 1. Remove the usage of the path.join function now that all code should be going through the util file methods (and they can be mocked out as needed). 2. Adjust all occurences of the above join function to either not use it or replace it with the standard os.path.join (which can also be mocked out as needed) 3. Fix pylint from complaining about the tests folder 'helpers.py' not being found 4. Add a pylintrc file that is used instead of the options hidden in the 'run_pylint' tool.
* Add support for printing out the authkey's for the default user.Joshua Harlow2012-08-181-40/+54
| | | | | | | | | | 1. Adjust the sshutil so that it has functions for doing this (used by the previous functions) 2. Create a new module that pretty prints out the given authorized keys fetched (if any) using the standard md5 scheme (for now), this module can be disabled by setting 'no_ssh_fingerprints' or just removing it from the running list.
* Don't remove the key if its not there (or was already removed)Joshua Harlow2012-06-291-1/+2
|
* Simplify sshd config loading to make it use one set of functions/objects/classesJoshua Harlow2012-06-211-6/+43
|
* Massive pylint + pep8 fixups!Joshua Harlow2012-06-201-3/+2
|
* Ensure any authorized key file found in authorized keys is path adjusted as wellharlowja2012-06-201-1/+1
|
* Make most of all the places use the paths join() function so that testing ↵Joshua Harlow2012-06-191-3/+7
| | | | with non-real read/write paths is easier.
* Remove default since it will never be called that way and apply default ↵Joshua Harlow2012-06-161-4/+1
| | | | since its not currently being called that way
* Send in src line instead of stripped line.Joshua Harlow2012-06-161-8/+8
|
* Update ssh_util to have a parser class and a line entry class. Joshua Harlow2012-06-161-47/+71
| | | | | | | | | Also have a method that will parse the authorized key file. This allows: 1. Testing of parsing seperate from testing of entry construction. 1. Testing of authorized key file parsing, separate from updating.
* Comments as to why we are using a csv parser and do some of the logic checks ↵Joshua Harlow2012-06-161-0/+10
| | | | that are done for option extraction
* Ensure when an exception is captured that we use the util.logexc helper.Joshua Harlow2012-06-151-10/+10
|
* Add comments on formats, add in function that handles option extraction + ↵Joshua Harlow2012-06-111-43/+62
| | | | other pylint cleanups.
* Cleanup this and add refactoring around large constructors (add a parse ↵Joshua Harlow2012-06-091-122/+155
| | | | method). Handle error cases better...
* Remove the main function from this, seems like that should be in a test if ↵Joshua Harlow2012-06-081-37/+0
| | | | needed.
* 1. Adding some new helper files that split off file inclusion, templating, ↵Joshua Harlow2012-06-071-0/+227
importing, constant usage. 1. Move all datasources to a new sources directory 1. Rename some files to be more consistent with python file/module naming.
View Lorry Controller Status