diff options
Diffstat (limited to 'cloudinit/config')
-rw-r--r-- | cloudinit/config/cc_ssh_authkey_fingerprints.py | 59 |
1 files changed, 32 insertions, 27 deletions
diff --git a/cloudinit/config/cc_ssh_authkey_fingerprints.py b/cloudinit/config/cc_ssh_authkey_fingerprints.py index d4f136c2..6fb7d7fe 100644 --- a/cloudinit/config/cc_ssh_authkey_fingerprints.py +++ b/cloudinit/config/cc_ssh_authkey_fingerprints.py @@ -26,52 +26,56 @@ from prettytable import PrettyTable from cloudinit import util from cloudinit import ssh_util -FP_HASH_TYPE = 'md5' -FP_SEGMENT_LEN = 2 -FP_SEGMENT_SEP = ":" - def _split_hash(bin_hash): split_up = [] - for i in xrange(0, len(bin_hash), FP_SEGMENT_LEN): - split_up.append(bin_hash[i:i+FP_SEGMENT_LEN]) + for i in xrange(0, len(bin_hash), 2): + split_up.append(bin_hash[i:i+2]) return split_up -def _gen_fingerprint(b64_text): +def _gen_fingerprint(b64_text, hash_meth='md5'): if not b64_text: return '' - # Maybe we should feed this into 'ssh -lf'? + # TBD(harlowja): Maybe we should feed this into 'ssh -lf'? try: - bin_text = base64.b64decode(b64_text) - hasher = hashlib.new(FP_HASH_TYPE) - hasher.update(bin_text) - pp_hash = FP_SEGMENT_SEP.join(_split_hash(hasher.hexdigest())) - return pp_hash + hasher = hashlib.new(hash_meth) + hasher.update(base64.b64decode(b64_text)) + return ":".join(_split_hash(hasher.hexdigest())) except TypeError: - return '' + # Raised when b64 not really b64... + return '?' + + +def _is_printable_key(entry): + if any([entry.keytype, entry.base64, entry.comment, entry.options]): + if entry.keytype and entry.keytype.lower().strip() in ['ssh-dss', 'ssh-rsa']: + return True + return False -def _pprint_key_entries(user, key_fn, key_entries, prefix='ci-info: '): +def _pprint_key_entries(user, key_fn, key_entries, hash_meth='md5', prefix='ci-info: '): if not key_entries: message = "%sno authorized ssh keys fingerprints found for user %s." % (prefix, user) util.multi_log(message) return - tbl_fields = ['Keytype', 'Fingerprint', 'Options', 'Comment'] + tbl_fields = ['Keytype', 'Fingerprint (%s)' % (hash_meth), 'Options', 'Comment'] tbl = PrettyTable(tbl_fields) for entry in key_entries: - row = [] - row.append(entry.keytype or '-') - row.append(_gen_fingerprint(entry.base64) or '-') - row.append(entry.comment or '-') - row.append(entry.options or '-') - tbl.add_row(row) + if _is_printable_key(entry): + row = [] + row.append(entry.keytype or '-') + row.append(_gen_fingerprint(entry.base64, hash_meth) or '-') + row.append(entry.options or '-') + row.append(entry.comment or '-') + tbl.add_row(row) authtbl_s = tbl.get_string() - max_len = len(max(authtbl_s.splitlines(), key=len)) + authtbl_lines = authtbl_s.splitlines() + max_len = len(max(authtbl_lines, key=len)) lines = [ util.center("Authorized keys fingerprints from %s for user %s" % (key_fn, user), "+", max_len), ] - lines.extend(authtbl_s.splitlines()) + lines.extend(authtbl_lines) for line in lines: util.multi_log(text="%s%s\n" % (prefix, line)) @@ -81,6 +85,7 @@ def handle(name, cfg, cloud, log, _args): log.debug(("Skipping module named %s, " "logging of ssh fingerprints disabled"), name) - user = util.get_cfg_option_str(cfg, "user", "ubuntu") - (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(user, cloud.paths) - _pprint_key_entries(user, auth_key_fn, auth_key_entries) + user_name = util.get_cfg_option_str(cfg, "user", "ubuntu") + hash_meth = util.get_cfg_option_str(cfg, "authkey_hash", "md5") + (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(user_name, cloud.paths) + _pprint_key_entries(user_name, auth_key_fn, auth_key_entries, hash_meth) |