From a2aa4805f018a9d8ff8baff7c2f6cb91e532c4d2 Mon Sep 17 00:00:00 2001
From: Scott Moser <smoser@ubuntu.com>
Date: Sun, 30 Oct 2011 18:00:41 -0400
Subject: Make the types of SSH keys to generate configurable

Notes:
 * This also makes cc_ssh.py *not* write ssh keys to the console.
   That means that if keys-to-console is configured off, nothing will
   write the keys to the console.
 * I removed Garret's use of xargs, replacing with a shell for loop
   in write-ssh-key-fingerprints.

taken from
git://pkgs.fedoraproject.org/cloud-init.git
commit 87f33190f43d2b26cced4597e7298835024466c2
Author: Garrett Holmstrom <gholms@fedoraproject.org>
Patch8: cloud-init-0.6.2-sshkeytypes.patch
---
 cloudinit/CloudConfig/cc_ssh.py  | 15 +++++----------
 cloudinit/util.py                |  1 +
 tools/write-ssh-key-fingerprints |  6 ++++--
 3 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/cloudinit/CloudConfig/cc_ssh.py b/cloudinit/CloudConfig/cc_ssh.py
index 727fd398..296b18f2 100644
--- a/cloudinit/CloudConfig/cc_ssh.py
+++ b/cloudinit/CloudConfig/cc_ssh.py
@@ -31,7 +31,7 @@ def handle(name,cfg,cloud,log,args):
     global_log = log
 
     # remove the static keys from the pristine image
-    for f in glob.glob("/etc/ssh/ssh_host_*_key*"):
+    for f in glob.glob("/etc/ssh/ssh_host_*key*"):
         try: os.unlink(f)
         except: pass
 
@@ -61,10 +61,10 @@ def handle(name,cfg,cloud,log,args):
             log.debug("generated %s from %s" % pair)
     else:
         # if not, generate them
-        genkeys ='ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ""; '
-        genkeys+='ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ""; '
-        genkeys+='ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -t ecdsa -N ""; '
-        subprocess.call(('sh', '-c', "{ %s } </dev/null" % (genkeys)))
+        for keytype in util.get_cfg_option_list_or_str(cfg, 'ssh_genkeytypes',
+                                                       ['rsa', 'dsa', 'ecdsa']):
+            subprocess.call(['ssh-keygen', '-t', keytype, '-N', '',
+                             '-f', '/etc/ssh/ssh_host_%s_key' % keytype])
 
     util.restorecon_if_possible('/etc/ssh', recursive=True)
 
@@ -84,11 +84,6 @@ def handle(name,cfg,cloud,log,args):
         util.logexc(log)
         log.warn("applying credentials failed!\n")
 
-    send_ssh_keys_to_console()
-
-def send_ssh_keys_to_console():
-    subprocess.call(('/usr/lib/cloud-init/write-ssh-key-fingerprints',))
-
 def apply_credentials(keys, user, disable_root, disable_root_opts=DISABLE_ROOT_OPTS, log=global_log):
     keys = set(keys)
     if user:
diff --git a/cloudinit/util.py b/cloudinit/util.py
index 744fb71e..0c457128 100644
--- a/cloudinit/util.py
+++ b/cloudinit/util.py
@@ -84,6 +84,7 @@ def get_cfg_option_str(yobj, key, default=None):
 
 def get_cfg_option_list_or_str(yobj, key, default=None):
     if not yobj.has_key(key): return default
+    if yobj[key] is None: return []
     if isinstance(yobj[key],list): return yobj[key]
     return([yobj[key]])
 
diff --git a/tools/write-ssh-key-fingerprints b/tools/write-ssh-key-fingerprints
index 9a081faa..7b2fc62c 100755
--- a/tools/write-ssh-key-fingerprints
+++ b/tools/write-ssh-key-fingerprints
@@ -3,8 +3,10 @@
 echo
 echo "#############################################################"
 echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----"
-ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
-ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
+for f in /etc/ssh/ssh_host_*key.pub; do
+    [ -f "$f" ] || continue
+    ssh-keygen -l -f "$f"
+done
 echo "-----END SSH HOST KEY FINGERPRINTS-----"
 echo "#############################################################"
 } | logger -p user.info -s -t "ec2"
-- 
cgit v1.2.3