author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2009-12-04 15:32:42 -0800 |
---|---|---|
committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2009-12-04 15:42:35 -0800 |
commit | 103371d47c0d3ea4c28901810e11127de3855d5d (patch) | |
tree | 709027d429f428f55412027b9408a43153eee371 | |
parent | ebe3578d23a80533f6db1247c8d98f37485256fc (diff) | |
download | vyatta-cfg-system-103371d47c0d3ea4c28901810e11127de3855d5d.tar.gz vyatta-cfg-system-103371d47c0d3ea4c28901810e11127de3855d5d.zip |
Rearrange the public-key configuration schema
New syntax:
system login user vyatta authentication public-key user@remote type ssh-rsa
5 files changed, 17 insertions, 51 deletions
diff --git a/lib/Vyatta/Login/User.pm b/lib/Vyatta/Login/User.pm
index 018e7e12..87dd4db4 100755
--- a/lib/Vyatta/Login/User.pm
+++ b/lib/Vyatta/Login/User.pm
@@ -115,7 +115,7 @@ sub _vyatta_users {
 sub set_authorized_keys {
 my $user = shift;
 my $config = new Vyatta::Config;
- $config->setLevel("system login user $user authorized-keys");
+ $config->setLevel("system login user $user authentication public-keys");
 
 my @keys = $config->listNodes();
 return unless @keys;
@@ -139,19 +139,14 @@ sub set_authorized_keys {
 return;
 }
 
- select $auth;
- print "# Automatically generated by Vyatta configuration\n";
- print "# Do not edit, all changes will be lost\n";
- foreach my $key (@keys) {
- my $type = $config->returnValue("$key key-type");
- print "$type $key";
-
- my $comment = $config->returnValue("$key description");
- print " $comment" if $comment;
-
- print "\n";
+ print {$auth} "# Automatically generated by Vyatta configuration\n";
+ print {$auth} "# Do not edit, all changes will be lost\n";
+ foreach my $name (@keys) {
+ my $type = $config->returnValue("$name type");
+ my $key = $config->returnValue("$name key");
+ print {$auth} "$type $key $name\n";
 }
- select STDOUT;
+ close $auth;
 
 chmod (0640, "$sshdir/authorized_keys");
 }
diff --git a/scripts/vyatta-load-user-key.pl b/scripts/vyatta-load-user-key.pl
index c807c40b..6379fa8c 100644
--- a/scripts/vyatta-load-user-key.pl
+++ b/scripts/vyatta-load-user-key.pl
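Review bot: `close $auth;` in the second hunk discards the close status, and on a write handle that is where buffered write errors surface, so a failed write still ends with `chmod (0640, "$sshdir/authorized_keys")` and a truncated authorized_keys left in place; `close $auth or die "close $sshdir/authorized_keys: $!";` (or whichever error path the opening code uses, which is outside the hunk) keeps the failure visible. The deleted templates carried the base-64 pattern and the ssh-rsa/ssh-dsa allowed list, and no replacement templates under `authentication public-keys` are among the five files of this commit, so as far as this diff shows `$type`, `$key` and `$name` are interpolated into `"$type $key $name\n"` unvalidated; if the new templates validate them elsewhere, a one-line comment saying so at the `print {$auth}` line would help, otherwise a value containing whitespace or a newline changes the line structure of the file sshd reads. `set_authorized_keys` continues between the two hunks and `$auth` is opened outside them.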
@@ -98,26 +98,19 @@ while (<$cfg>) {
 # The options field is optional (but not supported).
 my ($keytype, $keycode, $comment) = split / /;
 die "Not a valid key file format (see man sshd)"
- unless $keycode;
+ unless defined($keytype) && defined($keycode) && defined($comment);
 
- die "Not a valid ssh public file format\n"
+ die "$keytype: not a known ssh public format\n"
 unless ($keytype =~ /ssh-rsa|ssh-dsa/);
 
- my $cmd = "set system login user $user authorized-key $keycode"
- . " key-type $keytype";
- system ("$sbindir/my_$cmd");
- if ($? >> 8) {
- die "\"$cmd\" failed\n";
- }
+ my $cmd = "set system login user $user authentication public-keys $comment";
+ system ("$sbindir/my_$cmd" . " key $keycode");
+ die "\"$cmd\" key failed\n"
+ if ($? >> 8);
 
- if ($comment) {
- $cmd = "set system login user $user authorized-key $keycode"
- ." description $comment";
- system ("$sbindir/my_$cmd");
- if ($? >> 8) {
- die "\"$cmd\" failed\n";
- }
- }
+ system ("$sbindir/my_$cmd" . " type $keytype");
+ die "\"$cmd\" type failed\n"
+ if ($? >> 8);
 }
 
 close $cfg;
diff --git a/templates/system/login/user/node.tag/authorized-keys/node.def b/templates/system/login/user/node.tag/authorized-keys/node.def
deleted file mode 100644
index 4ca232f8..00000000
--- a/templates/system/login/user/node.tag/authorized-keys/node.def
+++ /dev/null
@@ -1,16 +0,0 @@
-tag:
-type: txt
-help: Set public keys for authorized login
-
-syntax:expression: pattern $VAR(@) "^[0-9A-Za-z+/=]*$" ; "Invalid public key not base-64"
-
-commit:expression: $VAR(key-type) != "" ; "key-type must be specified"
-
-comp_help:
- Public key of remote user allowed to login without password
- The key must be encode as base-64 text string. The key is usually
- several hundred bytes long (because of the size of the public key
- encoding). You don't want to type them in; instead, use the
- script ssh-load-key to set them.
-
-
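Review bot: `system ("$sbindir/my_$cmd" . " key $keycode")` and the `type` call below it hand a single string to `system`, so `$comment` and `$keycode`, both taken verbatim from the key file being loaded, are part of a command line that the shell parses whenever it contains metacharacters; the list form passes them to `my_set` as plain arguments, and `die` can then test the return value instead of `$? >> 8`. Making `$comment` mandatory via `defined($comment)` also rejects key lines that carry no comment, and `split / /` keeps only the first word of a multi-word comment as the node name, which deserves a comment at that line if it is intended. The `/ssh-rsa|ssh-dsa/` check is unchanged context but is unanchored, and OpenSSH writes DSA keys as `ssh-dss`, so a real DSA key fails with the new message. The enclosing `while (<$cfg>)` loop starts before the hunk.
```perl
    my @set = ("$sbindir/my_set", 'system', 'login', 'user', $user,
               'authentication', 'public-keys', $comment);
    # List-form system: arguments reach my_set directly, never a shell.
    system (@set, 'key', $keycode) == 0
        or die "\"@set\" key failed\n";
    system (@set, 'type', $keytype) == 0
        or die "\"@set\" type failed\n";
```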
diff --git a/templates/system/login/user/node.tag/authorized-keys/node.tag/description/node.def b/templates/system/login/user/node.tag/authorized-keys/node.tag/description/node.def
deleted file mode 100644
index 7c81ff12..00000000
--- a/templates/system/login/user/node.tag/authorized-keys/node.tag/description/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-type: txt
-help: Ssh public-key description (usually user@host)
diff --git a/templates/system/login/user/node.tag/authorized-keys/node.tag/key-type/node.def b/templates/system/login/user/node.tag/authorized-keys/node.tag/key-type/node.def
deleted file mode 100644
index 54482824..00000000
--- a/templates/system/login/user/node.tag/authorized-keys/node.tag/key-type/node.def
+++ /dev/null
@@ -1,4 +0,0 @@
-type: txt
-help: Public key type
-allowed: echo "ssh-dsa ssh-rsa"
-syntax:expression: $VAR(@) in "ssh-rsa", "ssh-dsa" |