author | Scott Moser <smoser@ubuntu.com> | 2011-08-15 16:39:21 -0500 |
---|---|---|
committer | Scott Moser <smoser@ubuntu.com> | 2011-08-15 16:39:21 -0500 |
commit | 91cf9a3fbab9fcb005c0bfea50811589243781d5 (patch) | |
tree | 7e6398d7cdaeaeeee4665d7447322ae6abd94ad4 | |
parent | 4aceeea084d00c2f5453b58518317953a0f552c6 (diff) | |
download | vyos-cloud-init-91cf9a3fbab9fcb005c0bfea50811589243781d5.tar.gz vyos-cloud-init-91cf9a3fbab9fcb005c0bfea50811589243781d5.zip |
add awareness of ecdsa keys.
-rw-r--r-- | cloudinit/CloudConfig/cc_phone_home.py | 5 | ||||
-rw-r--r-- | cloudinit/CloudConfig/cc_ssh.py | 7 | ||||
-rw-r--r-- | doc/examples/cloud-config.txt | 3 |
3 files changed, 11 insertions, 4 deletions
diff --git a/cloudinit/CloudConfig/cc_phone_home.py b/cloudinit/CloudConfig/cc_phone_home.py index be6abfa8..f291e1d4 100644 --- a/cloudinit/CloudConfig/cc_phone_home.py +++ b/cloudinit/CloudConfig/cc_phone_home.py @@ -20,7 +20,7 @@ import cloudinit.util as util from time import sleep frequency = per_instance -post_list_all = [ 'pub_key_dsa', 'pub_key_rsa', 'instance_id', 'hostname' ] +post_list_all = [ 'pub_key_dsa', 'pub_key_rsa', 'pub_key_ecdsa', 'instance_id', 'hostname' ] # phone_home: # url: http://my.foo.bar/$INSTANCE/ @@ -29,7 +29,7 @@ post_list_all = [ 'pub_key_dsa', 'pub_key_rsa', 'instance_id', 'hostname' ] # # phone_home: # url: http://my.foo.bar/$INSTANCE_ID/ -# post: [ pub_key_dsa, pub_key_rsa, instance_id +# post: [ pub_key_dsa, pub_key_rsa, pub_key_ecdsa, instance_id # def handle(name,cfg,cloud,log,args): if len(args) != 0: @@ -61,6 +61,7 @@ def handle(name,cfg,cloud,log,args): pubkeys = { 'pub_key_dsa': '/etc/ssh/ssh_host_dsa_key.pub', 'pub_key_rsa': '/etc/ssh/ssh_host_rsa_key.pub', + 'pub_key_ecdsa': '/etc/ssh/ssh_host_ecdsa_key.pub', } for n, path in pubkeys.iteritems(): diff --git a/cloudinit/CloudConfig/cc_ssh.py b/cloudinit/CloudConfig/cc_ssh.py index ee03de22..66587217 100644 --- a/cloudinit/CloudConfig/cc_ssh.py +++ b/cloudinit/CloudConfig/cc_ssh.py 
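Review bot: The usage comment in the second cc_phone_home.py hunk still shows only a plain `http://` URL, while this change adds one more host public key to what is posted there. If the receiving side uses the posted keys to decide which host keys to trust (not visible here, so this is an assumption), a cleartext post gives it no assurance that the keys arrived unmodified. I would add a line to the comment such as `# use an https url if the receiver will trust the posted host keys`. The same example appears in the doc/examples/cloud-config.txt hunk.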
@@ -41,13 +41,17 @@ def handle(name,cfg,cloud,log,args): "rsa_public" : ("/etc/ssh/ssh_host_rsa_key.pub", 0644), "dsa_private" : ("/etc/ssh/ssh_host_dsa_key", 0600), "dsa_public" : ("/etc/ssh/ssh_host_dsa_key.pub", 0644) + "ecdsa_private" : ("/etc/ssh/ssh_host_ecdsa_key", 0600), + "ecdsa_public" : ("/etc/ssh/ssh_host_ecdsa_key.pub", 0644) } for key,val in cfg["ssh_keys"].items(): if key2file.has_key(key): util.write_file(key2file[key][0],val,key2file[key][1]) - priv2pub = { 'rsa_private':'rsa_public', 'dsa_private':'dsa_public' } + priv2pub = { 'rsa_private':'rsa_public', 'dsa_private':'dsa_public', + 'ecdsa_private': 'ecdsa_public', } + cmd = 'o=$(ssh-keygen -yf "%s") && echo "$o" root@localhost > "%s"' for priv,pub in priv2pub.iteritems(): if pub in cfg['ssh_keys'] or not priv in cfg['ssh_keys']: continue @@ -58,6 +62,7 @@ def handle(name,cfg,cloud,log,args): # if not, generate them genkeys ='ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ""; ' genkeys+='ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ""; ' + genkeys+='ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -t ecdsa -N ""; ' subprocess.call(('sh', '-c', "{ %s } </dev/null" % (genkeys))) try: diff --git a/doc/examples/cloud-config.txt b/doc/examples/cloud-config.txt index 9f3add0f..981fadae 100644 --- a/doc/examples/cloud-config.txt +++ b/doc/examples/cloud-config.txt @@ -135,6 +135,7 @@ ssh_authorized_keys: # Send pre-generated ssh private keys to the server # If these are present, they will be written to /etc/ssh and # new random keys will not be generated +# in addition to 'rsa' and 'dsa' as shown below, 'ecdsa' is also supported ssh_keys: rsa_private: | -----BEGIN RSA PRIVATE KEY----- @@ -391,7 +392,7 @@ output: # phone_home: url: http://my.example.com/$INSTANCE_ID/ - post: [ pub_key_dsa, pub_key_rsa, instance_id ] + post: [ pub_key_dsa, pub_key_rsa, pub_key_ecdsa, instance_id ] # timezone: set the timezone for this instance # the value of 'timezone' must exist in /usr/share/zoneinfo |
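Review bot: As shown in the first cc_ssh.py hunk, the unchanged `"dsa_public"` entry of `key2file` has no trailing comma, so the two added `ecdsa_*` entries follow it without a separator and the dict literal will not parse. The context line needs to become `"dsa_public" : ("/etc/ssh/ssh_host_dsa_key.pub", 0644),`, and a trailing comma after the `"ecdsa_public"` entry would keep the next addition from repeating this. A module that fails to import presumably means none of the SSH host key handling runs, including writing user-supplied keys with their 0600/0644 modes. The body of `handle` starts and ends outside the hunk.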
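Review bot: A failure of the added `ssh-keygen ... -t ecdsa` command in the second cc_ssh.py hunk would go unnoticed, because the `genkeys` commands are joined with `;` and the result of `subprocess.call` is discarded. On an image whose ssh-keygen does not support ecdsa, the instance would come up without an ECDSA host key and nothing would be logged, while cc_phone_home.py now expects `/etc/ssh/ssh_host_ecdsa_key.pub`. I would keep the status, `rc = subprocess.call(('sh', '-c', "{ %s } </dev/null" % (genkeys)))`, and follow it with `if rc != 0: log.warn("ssh host key generation returned %s" % rc)`. Since the shell reports only the last command's status, this covers the ecdsa step but not the rsa and dsa ones. The body of `handle` continues outside the hunk.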