Revision 310a8944
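--- a/tools/setup-ssh
+++ b/tools/setup-ssh
@@ -177,6 +177,7 @@
 " <node...>"), prog=program)
 parser.add_option(cli.DEBUG_OPT)
 parser.add_option(cli.VERBOSE_OPT)
+parser.add_option(cli.NOSSH_KEYCHECK_OPT)
 default_key = ssh.GetUserFiles(constants.GANETI_RUNAS)[0]
 parser.add_option(optparse.Option("-f", dest="private_key",
 default=default_key,
@@ -296,6 +297,22 @@
 return False
 
 
+def LoadKnownHosts():
+"""Loads the known hosts
+
+@return L{paramiko.util.load_host_keys} dict
+
+"""
+homedir = utils.GetHomeDir(constants.GANETI_RUNAS)
+known_hosts = os.path.join(homedir, ".ssh", "known_hosts")
+
+try:
+return paramiko.util.load_host_keys(known_hosts)
+except EnvironmentError:
+# We didn't found the path, silently ignore and return an empty dict
+return {}
+
+
 def main():
 """Main routine.
 
@@ -309,6 +326,7 @@
 passwd = None
 username = constants.GANETI_RUNAS
 ssh_port = netutils.GetDaemonPort("ssh")
+host_keys = LoadKnownHosts()
 
 # Below, we need to join() the transport objects, as otherwise the
 # following happens:
@@ -322,6 +340,28 @@
 for host in args:
 transport = paramiko.Transport((host, ssh_port))
 transport.start_client()
+server_key = transport.get_remote_server_key()
+keytype = server_key.get_name()
+
+our_server_key = host_keys.get(host, {}).get(keytype, None)
+if options.ssh_key_check:
+if not our_server_key:
+hexified_key = ssh.FormatParamikoFingerprint(
+server_key.get_fingerprint())
+msg = ("Unable to verify hostkey of host %s: %s. Do you want to accept"
+" it?" % (host, hexified_key))
+
+if cli.AskUser(msg):
+our_server_key = server_key
+
+if our_server_key != server_key:
+logging.error("Unable to verify identity of host. Aborting")
+transport.close()
+transport.join()
+# TODO: Run over all hosts, fetch the keys and let them verify from the
+# user beforehand then proceed with actual work later on
+raise paramiko.SSHException("Unable to verify identity of host")
+
 try:
 if LoginViaKeys(transport, username, all_keys):
 logging.info("Authenticated to %s via public key", host)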
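Review bot: `LoadKnownHosts()` returns `{}` for every `EnvironmentError`, so an unreadable or permission-denied `known_hosts` is indistinguishable from a missing one, and with key checking enabled each already-pinned host degrades to the interactive "Do you want to accept it?" prompt in `main()`. Only a missing file should map to an empty dict; other errors are better logged and re-raised, for example with `if err.errno != errno.ENOENT: raise` inside the handler (this needs `errno` imported, and the file's import block is not visible on this page). In the loop, `host_keys.get(host, {})` looks up the bare host name; if `netutils.GetDaemonPort("ssh")` can return a non-default port, entries written by OpenSSH appear as `[host]:port` and would presumably never match, which is worth confirming. The visible lines also do not store an accepted key anywhere, so the prompt would repeat on every run unless code outside the hunk persists it. `main()` starts and continues outside the visible hunks, and the page has lost indentation, so the nesting of the `our_server_key != server_key` check under `options.ssh_key_check` should be confirmed against the file.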