Revision 310a8944 tools/setup-ssh
| b/tools/setup-ssh | ||
|---|---|---|
| 177 | 177 |
" <node...>"), prog=program) |
| 178 | 178 |
parser.add_option(cli.DEBUG_OPT) |
| 179 | 179 |
parser.add_option(cli.VERBOSE_OPT) |
| 180 |
parser.add_option(cli.NOSSH_KEYCHECK_OPT) |
|
| 180 | 181 |
default_key = ssh.GetUserFiles(constants.GANETI_RUNAS)[0] |
| 181 | 182 |
parser.add_option(optparse.Option("-f", dest="private_key",
|
| 182 | 183 |
default=default_key, |
| ... | ... | |
| 296 | 297 |
return False |
| 297 | 298 |
|
| 298 | 299 |
|
| 300 |
def LoadKnownHosts(): |
|
| 301 |
"""Loads the known hosts |
|
| 302 |
|
|
| 303 |
@return L{paramiko.util.load_host_keys} dict
|
|
| 304 |
|
|
| 305 |
""" |
|
| 306 |
homedir = utils.GetHomeDir(constants.GANETI_RUNAS) |
|
| 307 |
known_hosts = os.path.join(homedir, ".ssh", "known_hosts") |
|
| 308 |
|
|
| 309 |
try: |
|
| 310 |
return paramiko.util.load_host_keys(known_hosts) |
|
| 311 |
except EnvironmentError: |
|
| 312 |
# We didn't found the path, silently ignore and return an empty dict |
|
| 313 |
return {}
|
|
| 314 |
|
|
| 315 |
|
|
| 299 | 316 |
def main(): |
| 300 | 317 |
"""Main routine. |
| 301 | 318 |
|
| ... | ... | |
| 309 | 326 |
passwd = None |
| 310 | 327 |
username = constants.GANETI_RUNAS |
| 311 | 328 |
ssh_port = netutils.GetDaemonPort("ssh")
|
| 329 |
host_keys = LoadKnownHosts() |
|
| 312 | 330 |
|
| 313 | 331 |
# Below, we need to join() the transport objects, as otherwise the |
| 314 | 332 |
# following happens: |
| ... | ... | |
| 322 | 340 |
for host in args: |
| 323 | 341 |
transport = paramiko.Transport((host, ssh_port)) |
| 324 | 342 |
transport.start_client() |
| 343 |
server_key = transport.get_remote_server_key() |
|
| 344 |
keytype = server_key.get_name() |
|
| 345 |
|
|
| 346 |
our_server_key = host_keys.get(host, {}).get(keytype, None)
|
|
| 347 |
if options.ssh_key_check: |
|
| 348 |
if not our_server_key: |
|
| 349 |
hexified_key = ssh.FormatParamikoFingerprint( |
|
| 350 |
server_key.get_fingerprint()) |
|
| 351 |
msg = ("Unable to verify hostkey of host %s: %s. Do you want to accept"
|
|
| 352 |
" it?" % (host, hexified_key)) |
|
| 353 |
|
|
| 354 |
if cli.AskUser(msg): |
|
| 355 |
our_server_key = server_key |
|
| 356 |
|
|
| 357 |
if our_server_key != server_key: |
|
| 358 |
logging.error("Unable to verify identity of host. Aborting")
|
|
| 359 |
transport.close() |
|
| 360 |
transport.join() |
|
| 361 |
# TODO: Run over all hosts, fetch the keys and let them verify from the |
|
| 362 |
# user beforehand then proceed with actual work later on |
|
| 363 |
raise paramiko.SSHException("Unable to verify identity of host")
|
|
| 364 |
|
|
| 325 | 365 |
try: |
| 326 | 366 |
if LoginViaKeys(transport, username, all_keys): |
| 327 | 367 |
logging.info("Authenticated to %s via public key", host)
|
Also available in: Unified diff