| Age | Commit message (Collapse) | Author |
|---|
|
cloud-init adds ssh_authorized_keys to the default user and to
root but for root it disables the keys with a prefix command.
However, if the public_key key is of type ecdsa-sha2-nistp521,
it is not parsed correctly, and the prefix command is not prepended.
Resolves: rhbz#1151824
LP: #1658174
|
|
This has been a recurring ask and we had initially just made the change to
the cloud-init 2.0 codebase. As the current thinking is we'll just
continue to enhance the current codebase, its desirable to relicense to
match what we'd intended as part of the 2.0 plan here.
- put a brief description of license in LICENSE file
- put full license versions in LICENSE-GPLv3 and LICENSE-Apache2.0
- simplify the per-file header to reference LICENSE
- tox: ignore H102 (Apache License Header check)
Add license header to files that ship.
Reformat headers, make sure everything has vi: at end of file.
Non-shipping files do not need the copyright header,
but at the moment tests/ have it.
|
|
|
|
Update ssh_util.py with latest list of keys (from openssh-7.3p1/sshkeys.c),
and remove extinct keys ending with "-v00@openssh.com"
Added keys:
rsa-sha2-256,
rsa-sha2-512,
ed25519,
ssh-ed25519,
ssh-ed25519-cert-v01@openssh.com
Removed both of the double entries for the keys:
ssh-dss-cert-v00@openssh.com
ssh-rsa-cert-v00@openssh.com
|
|
|
|
to be behind trunk.
`tox -e py27` passes full test suite. Now to work on replacing mocker.
|
|
|
|
|
|
|
|
|
|
|
|
Now, parser.parse specifies options that override any options found,
rather than just being default options.
There could still potentially be a user for default_options, but since we're
not using them anywhere, I've dropped it. The difference is that in setting up
the root user, we're now insisting that all keys that go in there have the
key_prefix, even if the key content had other options.
I think this is actually the commit that fixes LP: #1136343.
|
|
|
|
* drop the parsing of options into csv, as we were only exploding them
back. That can only result in error. Just do minimal parsing.
* change the parsing of key lines to:
if entry is valid:
* use it
else try taking off options:
if good, use it
else fail
|
|
1. Remove the usage of the path.join function
now that all code should be going through
the util file methods (and they can be
mocked out as needed).
2. Adjust all occurences of the above join
function to either not use it or replace
it with the standard os.path.join (which
can also be mocked out as needed)
3. Fix pylint from complaining about the
tests folder 'helpers.py' not being found
4. Add a pylintrc file that is used instead
of the options hidden in the 'run_pylint'
tool.
|
|
1. Adjust the sshutil so that it has functions
for doing this (used by the previous functions)
2. Create a new module that pretty prints out
the given authorized keys fetched (if any) using the standard
md5 scheme (for now), this module can be disabled by
setting 'no_ssh_fingerprints' or just removing it from the running
list.
|
|
|
|
|
|
|
|
|
|
with non-real read/write paths is easier.
|
|
since its not currently being called that way
|
|
|
|
Also have a method that will parse the authorized key file.
This allows:
1. Testing of parsing seperate from testing of entry construction.
1. Testing of authorized key file parsing, separate from updating.
|
|
that are done for option extraction
|
|
|
|
other pylint cleanups.
|
|
method). Handle error cases better...
|
|
needed.
|
|
importing, constant usage.
1. Move all datasources to a new sources directory
1. Rename some files to be more consistent with python file/module naming.
|
