Revision 3dc66ebc
| b/tools/setup-ssh | ||
|---|---|---|
| 210 | 210 |
stderr_handler.setLevel(logging.WARNING) |
| 211 | 211 |
|
| 212 | 212 |
root_logger = logging.getLogger("")
|
| 213 |
root_logger.setLevel(logging.INFO)
|
|
| 213 |
root_logger.setLevel(logging.NOTSET)
|
|
| 214 | 214 |
root_logger.addHandler(stderr_handler) |
| 215 | 215 |
root_logger.addHandler(file_handler) |
| 216 | 216 |
|
| ... | ... | |
| 221 | 221 |
paramiko_logger.setLevel(logging.WARNING) |
| 222 | 222 |
|
| 223 | 223 |
|
| 224 |
def main():
|
|
| 225 |
"""Main routine.
|
|
| 224 |
def LoadPrivateKeys(options):
|
|
| 225 |
"""Load the list of available private keys
|
|
| 226 | 226 |
|
| 227 |
"""
|
|
| 228 |
(options, args) = ParseOptions()
|
|
| 227 |
It loads the standard ssh key from disk and then tries to connect to
|
|
| 228 |
the ssh agent too.
|
|
| 229 | 229 |
|
| 230 |
SetupLogging(options) |
|
| 230 |
@rtype: list |
|
| 231 |
@return: a list of C{paramiko.PKey}
|
|
| 231 | 232 |
|
| 233 |
""" |
|
| 232 | 234 |
if options.key_type == "rsa": |
| 233 | 235 |
pkclass = paramiko.RSAKey |
| 234 | 236 |
elif options.key_type == "dsa": |
| ... | ... | |
| 244 | 246 |
logging.critical("Can't load private key %s: %s", options.private_key, err)
|
| 245 | 247 |
sys.exit(1) |
| 246 | 248 |
|
| 249 |
try: |
|
| 250 |
agent = paramiko.Agent() |
|
| 251 |
agent_keys = agent.get_keys() |
|
| 252 |
except paramiko.SSHException, err: |
|
| 253 |
# this will only be seen when the agent is broken/uses invalid |
|
| 254 |
# protocol; for non-existing agent, get_keys() will just return an |
|
| 255 |
# empty tuple |
|
| 256 |
logging.warning("Can't connect to the ssh agent: %s; skipping its use",
|
|
| 257 |
err) |
|
| 258 |
agent_keys = [] |
|
| 259 |
|
|
| 260 |
return [private_key] + list(agent_keys) |
|
| 261 |
|
|
| 262 |
|
|
| 263 |
def LoginViaKeys(transport, username, keys): |
|
| 264 |
"""Try to login on the given transport via a list of keys. |
|
| 265 |
|
|
| 266 |
@param transport: the transport to use |
|
| 267 |
@param username: the username to login as |
|
| 268 |
@type keys: list |
|
| 269 |
@param keys: list of C{paramiko.PKey} to use for authentication
|
|
| 270 |
@rtype: boolean |
|
| 271 |
@return: True or False depending on whether the login was |
|
| 272 |
successfull or not |
|
| 273 |
|
|
| 274 |
""" |
|
| 275 |
for private_key in keys: |
|
| 276 |
try: |
|
| 277 |
transport.auth_publickey(username, private_key) |
|
| 278 |
fpr = ":".join("%02x" % ord(i) for i in private_key.get_fingerprint())
|
|
| 279 |
if isinstance(private_key, paramiko.AgentKey): |
|
| 280 |
logging.debug("Authentication via the ssh-agent key %s", fpr)
|
|
| 281 |
else: |
|
| 282 |
logging.debug("Authenticated via public key %s", fpr)
|
|
| 283 |
return True |
|
| 284 |
except paramiko.SSHException: |
|
| 285 |
continue |
|
| 286 |
else: |
|
| 287 |
# all keys exhausted |
|
| 288 |
return False |
|
| 289 |
|
|
| 290 |
|
|
| 291 |
def main(): |
|
| 292 |
"""Main routine. |
|
| 293 |
|
|
| 294 |
""" |
|
| 295 |
(options, args) = ParseOptions() |
|
| 296 |
|
|
| 297 |
SetupLogging(options) |
|
| 298 |
|
|
| 299 |
all_keys = LoadPrivateKeys(options) |
|
| 300 |
|
|
| 247 | 301 |
passwd = None |
| 248 | 302 |
username = constants.GANETI_RUNAS |
| 249 | 303 |
ssh_port = netutils.GetDaemonPort("ssh")
|
| ... | ... | |
| 261 | 315 |
transport = paramiko.Transport((host, ssh_port)) |
| 262 | 316 |
transport.start_client() |
| 263 | 317 |
try: |
| 264 |
try: |
|
| 265 |
transport.auth_publickey(username, private_key) |
|
| 318 |
if LoginViaKeys(transport, username, all_keys): |
|
| 266 | 319 |
logging.info("Authenticated to %s via public key", host)
|
| 267 |
except paramiko.SSHException:
|
|
| 320 |
else:
|
|
| 268 | 321 |
logging.warning("Authentication to %s via public key failed, trying"
|
| 269 | 322 |
" password", host) |
| 270 | 323 |
if passwd is None: |
Also available in: Unified diff