summaryrefslogtreecommitdiff
path: root/cloudinit/config
diff options
context:
space:
mode:
Diffstat (limited to 'cloudinit/config')
-rw-r--r--cloudinit/config/cc_ssh_authkey_fingerprints.py59
1 files changed, 32 insertions, 27 deletions
diff --git a/cloudinit/config/cc_ssh_authkey_fingerprints.py b/cloudinit/config/cc_ssh_authkey_fingerprints.py
index d4f136c2..6fb7d7fe 100644
--- a/cloudinit/config/cc_ssh_authkey_fingerprints.py
+++ b/cloudinit/config/cc_ssh_authkey_fingerprints.py
@@ -26,52 +26,56 @@ from prettytable import PrettyTable
from cloudinit import util
from cloudinit import ssh_util
-FP_HASH_TYPE = 'md5'
-FP_SEGMENT_LEN = 2
-FP_SEGMENT_SEP = ":"
-
def _split_hash(bin_hash):
split_up = []
- for i in xrange(0, len(bin_hash), FP_SEGMENT_LEN):
- split_up.append(bin_hash[i:i+FP_SEGMENT_LEN])
+ for i in xrange(0, len(bin_hash), 2):
+ split_up.append(bin_hash[i:i+2])
return split_up
-def _gen_fingerprint(b64_text):
+def _gen_fingerprint(b64_text, hash_meth='md5'):
if not b64_text:
return ''
- # Maybe we should feed this into 'ssh -lf'?
+ # TBD(harlowja): Maybe we should feed this into 'ssh -lf'?
try:
- bin_text = base64.b64decode(b64_text)
- hasher = hashlib.new(FP_HASH_TYPE)
- hasher.update(bin_text)
- pp_hash = FP_SEGMENT_SEP.join(_split_hash(hasher.hexdigest()))
- return pp_hash
+ hasher = hashlib.new(hash_meth)
+ hasher.update(base64.b64decode(b64_text))
+ return ":".join(_split_hash(hasher.hexdigest()))
except TypeError:
- return ''
+ # Raised when b64 not really b64...
+ return '?'
+
+
+def _is_printable_key(entry):
+ if any([entry.keytype, entry.base64, entry.comment, entry.options]):
+ if entry.keytype and entry.keytype.lower().strip() in ['ssh-dss', 'ssh-rsa']:
+ return True
+ return False
-def _pprint_key_entries(user, key_fn, key_entries, prefix='ci-info: '):
+def _pprint_key_entries(user, key_fn, key_entries, hash_meth='md5', prefix='ci-info: '):
if not key_entries:
message = "%sno authorized ssh keys fingerprints found for user %s." % (prefix, user)
util.multi_log(message)
return
- tbl_fields = ['Keytype', 'Fingerprint', 'Options', 'Comment']
+ tbl_fields = ['Keytype', 'Fingerprint (%s)' % (hash_meth), 'Options', 'Comment']
tbl = PrettyTable(tbl_fields)
for entry in key_entries:
- row = []
- row.append(entry.keytype or '-')
- row.append(_gen_fingerprint(entry.base64) or '-')
- row.append(entry.comment or '-')
- row.append(entry.options or '-')
- tbl.add_row(row)
+ if _is_printable_key(entry):
+ row = []
+ row.append(entry.keytype or '-')
+ row.append(_gen_fingerprint(entry.base64, hash_meth) or '-')
+ row.append(entry.options or '-')
+ row.append(entry.comment or '-')
+ tbl.add_row(row)
authtbl_s = tbl.get_string()
- max_len = len(max(authtbl_s.splitlines(), key=len))
+ authtbl_lines = authtbl_s.splitlines()
+ max_len = len(max(authtbl_lines, key=len))
lines = [
util.center("Authorized keys fingerprints from %s for user %s" % (key_fn, user), "+", max_len),
]
- lines.extend(authtbl_s.splitlines())
+ lines.extend(authtbl_lines)
for line in lines:
util.multi_log(text="%s%s\n" % (prefix, line))
@@ -81,6 +85,7 @@ def handle(name, cfg, cloud, log, _args):
log.debug(("Skipping module named %s, "
"logging of ssh fingerprints disabled"), name)
- user = util.get_cfg_option_str(cfg, "user", "ubuntu")
- (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(user, cloud.paths)
- _pprint_key_entries(user, auth_key_fn, auth_key_entries)
+ user_name = util.get_cfg_option_str(cfg, "user", "ubuntu")
+ hash_meth = util.get_cfg_option_str(cfg, "authkey_hash", "md5")
+ (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(user_name, cloud.paths)
+ _pprint_key_entries(user_name, auth_key_fn, auth_key_entries, hash_meth)