summaryrefslogtreecommitdiff
path: root/cloudinit/config
diff options
context:
space:
mode:
authordermotbradley <dermot_bradley@yahoo.com>2021-10-27 20:39:05 +0100
committerGitHub <noreply@github.com>2021-10-27 14:39:05 -0500
commitd77d6bf197ec619f45a2ed81368a6cf408882670 (patch)
tree777eeaf8cfa8d7450b7ef2a92edb53e57d3b17f9 /cloudinit/config
parent1d01da5d9916d97ef463ba61a36b3f98f8911419 (diff)
downloadvyos-cloud-init-d77d6bf197ec619f45a2ed81368a6cf408882670.tar.gz
vyos-cloud-init-d77d6bf197ec619f45a2ed81368a6cf408882670.zip
cc_ssh.py: Add configuration for controlling ssh-keygen output (#1083)
When ssh host keys are generated during initial boot the full output of ssh-keygen, including the randomart for the key, is displayed on the console for each of the generated key types, which takes up a large amount of screen output (17 lines per key type). With this change ssh-keygen output is still displayed by default. Setting ssh_quiet_keygen to True will prevent ssh-keygen output from appearing. If only the fingerprints of the host keys should be displayed then this can be achieved using the existing emit_keys_to_console and/or ssh_fp_console_blacklist settings.
Diffstat (limited to 'cloudinit/config')
-rwxr-xr-xcloudinit/config/cc_ssh.py9
1 files changed, 8 insertions, 1 deletions
diff --git a/cloudinit/config/cc_ssh.py b/cloudinit/config/cc_ssh.py
index ff9e9753..1053ab67 100755
--- a/cloudinit/config/cc_ssh.py
+++ b/cloudinit/config/cc_ssh.py
@@ -89,6 +89,10 @@ optionally, ``<key type>_certificate``, e.g. ``rsa_private: <key>``,
key types. Not all key types have to be specified, ones left unspecified will
not be used. If this config option is used, then no keys will be generated.
+When host keys are generated the output of the ssh-keygen command(s) can be
+displayed on the console using the ``ssh_quiet_keygen`` configuration key.
+This settings defaults to False which displays the keygen output.
+
.. note::
when specifying private host keys in cloud-config, care should be taken to
ensure that the communication between the data source and the instance is
@@ -151,6 +155,7 @@ config flags are:
ssh_publish_hostkeys:
enabled: <true/false> (Defaults to true)
blacklist: <list of key types> (Defaults to [dsa])
+ ssh_quiet_keygen: <true/false>
"""
import glob
@@ -239,7 +244,9 @@ def handle(_name, cfg, cloud, log, _args):
with util.SeLinuxGuard("/etc/ssh", recursive=True):
try:
out, err = subp.subp(cmd, capture=True, env=lang_c)
- sys.stdout.write(util.decode_binary(out))
+ if not util.get_cfg_option_bool(cfg, 'ssh_quiet_keygen',
+ False):
+ sys.stdout.write(util.decode_binary(out))
gid = util.get_group_id("ssh_keys")
if gid != -1: