authorization. See below for definition.
Lists of SSH keys use a tuple with three values. The first describes the
-key variant (``rsa`` or ``dsa``). The second and third are the public
-and private part of the key. Example:
+key variant (``rsa`` or ``dsa``). The second and third are the private
+and public part of the key. Example:
.. highlight:: javascript
::
[
- ("rsa", "AAAA...", "-----BEGIN RSA PRIVATE KEY-----..."),
- ("dsa", "AAAA...", "-----BEGIN DSA PRIVATE KEY-----..."),
+ ("rsa", "-----BEGIN RSA PRIVATE KEY-----...", "ssh-rss AAAA..."),
+ ("dsa", "-----BEGIN DSA PRIVATE KEY-----...", "ssh-dss AAAA..."),
]
.. vim: set textwidth=72 :
_SSH_DAEMON_KEYFILES = {
constants.SSHK_RSA:
- (pathutils.SSH_HOST_RSA_PUB, pathutils.SSH_HOST_RSA_PRIV),
+ (pathutils.SSH_HOST_RSA_PRIV, pathutils.SSH_HOST_RSA_PUB),
constants.SSHK_DSA:
- (pathutils.SSH_HOST_DSA_PUB, pathutils.SSH_HOST_DSA_PRIV),
+ (pathutils.SSH_HOST_DSA_PRIV, pathutils.SSH_HOST_DSA_PUB),
}
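Review bot: The value tuples in `_SSH_DAEMON_KEYFILES` are a purely positional contract, and nothing next to the dict says which slot holds the private key path. A comment above the dict such as `# Values are (private key file, public key file); _UpdateKeyFiles unpacks them in this order` would make a future swap visible in review. The same applies to the dict literal passed to `_UpdateKeyFiles` further down, although the variable names there already carry the meaning.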
"""
assert set(keyfiles) == constants.SSHK_ALL
- for (kind, public_key, private_key) in keys:
- (public_file, private_file) = keyfiles[kind]
-
- logging.debug("Writing %s ...", public_file)
- utils.WriteFile(public_file, data=public_key, mode=0644,
- backup=True, dry_run=dry_run)
+ for (kind, private_key, public_key) in keys:
+ (private_file, public_file) = keyfiles[kind]
logging.debug("Writing %s ...", private_file)
utils.WriteFile(private_file, data=private_key, mode=0600,
backup=True, dry_run=dry_run)
+ logging.debug("Writing %s ...", public_file)
+ utils.WriteFile(public_file, data=public_key, mode=0644,
+ backup=True, dry_run=dry_run)
+
def UpdateSshDaemon(data, dry_run, _runcmd_fn=utils.RunCmd,
_keyfiles=None):
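Review bot: Nothing in the new loop checks that the second tuple element really is private key material, so a sender still using the old (kind, public, private) order would have its private key written to `public_file` with mode 0644, readable by every local user. The only validation visible is the `assert` on the keyfiles mapping, which says nothing about the key data. A guard before the first `utils.WriteFile` call, such as `if "PRIVATE KEY" in public_key:` followed by a raise of the tool's usual error, would turn an order mix-up into a hard failure instead of an exposed host key. Both writes also pass `backup=True`, so it is worth confirming that the backup copy of the private file keeps mode 0600. The function's signature and docstring start outside this hunk.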
kind=constants.SSHK_RSA, _homedir_fn=_homedir_fn)
_UpdateKeyFiles(keys, dry_run, {
- constants.SSHK_RSA: (rsa_public_file, rsa_private_file),
- constants.SSHK_DSA: (dsa_public_file, dsa_private_file),
+ constants.SSHK_RSA: (rsa_private_file, rsa_public_file),
+ constants.SSHK_DSA: (dsa_private_file, dsa_public_file),
})
if dry_run:
self.keyfiles = {
constants.SSHK_RSA:
- (utils.PathJoin(self.tmpdir, "rsa.public"),
- utils.PathJoin(self.tmpdir, "rsa.private")),
+ (utils.PathJoin(self.tmpdir, "rsa.private"),
+ utils.PathJoin(self.tmpdir, "rsa.public")),
constants.SSHK_DSA:
- (utils.PathJoin(self.tmpdir, "dsa.public"),
- utils.PathJoin(self.tmpdir, "dsa.private")),
+ (utils.PathJoin(self.tmpdir, "dsa.private"),
+ utils.PathJoin(self.tmpdir, "dsa.public")),
}
def tearDown(self):
def testDryRunRsa(self):
self._TestDryRun({
constants.SSHS_SSH_HOST_KEY: [
- (constants.SSHK_RSA, "rsapub", "rsapriv"),
+ (constants.SSHK_RSA, "rsapriv", "rsapub"),
],
})
def testDryRunDsa(self):
self._TestDryRun({
constants.SSHS_SSH_HOST_KEY: [
- (constants.SSHK_DSA, "dsapub", "dsapriv"),
+ (constants.SSHK_DSA, "dsapriv", "dsapub"),
],
})
def _TestUpdate(self, failcmd):
data = {
constants.SSHS_SSH_HOST_KEY: [
- (constants.SSHK_DSA, "dsapub", "dsapriv"),
- (constants.SSHK_RSA, "rsapub", "rsapriv"),
+ (constants.SSHK_DSA, "dsapriv", "dsapub"),
+ (constants.SSHK_RSA, "rsapriv", "rsapub"),
],
}
runcmd_fn = compat.partial(self._RunCmd, failcmd)
prepare_node_join.UpdateSshDaemon(data, False, _runcmd_fn=runcmd_fn,
_keyfiles=self.keyfiles)
self.assertEqual(sorted(os.listdir(self.tmpdir)), sorted([
- "rsa.private", "rsa.public",
- "dsa.private", "dsa.public",
+ "rsa.public", "rsa.private",
+ "dsa.public", "dsa.private",
]))
self.assertEqual(utils.ReadFile(utils.PathJoin(self.tmpdir, "rsa.public")),
"rsapub")
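Review bot: The assertions visible in `_TestUpdate` compare the directory listing and the content of `rsa.public`, but none checks file permissions, which is the property a private/public order mix-up would break. Adding `self.assertEqual(os.stat(utils.PathJoin(self.tmpdir, "rsa.private")).st_mode & 0777, 0600)`, with the 0644 counterpart for the public file, would pin that. The reordering of the expected names inside `sorted([...])` has no effect, since both sides of the comparison are sorted. The method may continue past the lines shown here.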
def testUpdate(self):
data = {
constants.SSHS_SSH_ROOT_KEY: [
- (constants.SSHK_DSA, "ssh-dss pubdsa", "privatedsa"),
+ (constants.SSHK_DSA, "privatedsa", "ssh-dss pubdsa"),
]
}