authorChristian Poessinger <christian@poessinger.com>2020-01-30 21:05:07 +0100
committerChristian Poessinger <christian@poessinger.com>2020-02-02 16:02:20 +0100
commita717e1c802d958137cdc70adf44d614323438dce (patch)
tree5e839f90aad76ed38de6c274fec7effe37d96cc3
parent029cefc84a30fa9f34af58bfdc1dadaaf5a220db (diff)
login: T1948: support for SSH keys
-rwxr-xr-xsrc/conf_mode/system-login.py34
1 files changed, 31 insertions, 3 deletions
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
index 9a2de54eb..8aa3991fd 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system-login.py
@@ -18,6 +18,8 @@ import sys
import os
from pwd import getpwall, getpwnam
+from grp import getgrnam
+from stat import S_IRUSR, S_IWUSR, S_IRWXU, S_IRGRP, S_IXGRP
from subprocess import Popen, PIPE, STDOUT
from vyos.config import Config
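Review bot: `getgrnam` is imported on the added `from grp import getgrnam` line, but none of the 31 lines this commit adds call it; the group id used in generate() comes from `getpwnam(user['name']).pw_gid`. Drop the import, or use it if the `.ssh` directory was meant to be owned by a specific named group.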
@@ -131,15 +133,15 @@ def get_config():
# Public Key portion
if conf.exists(['key']):
- user['key'] = conf.return_value(['key'])
+ key['key'] = conf.return_value(['key'])
# Options for individual public key
if conf.exists(['options']):
- user['options'] = conf.return_value(['options'])
+ key['options'] = conf.return_value(['options'])
# Type of public key
if conf.exists(['type']):
- user['type'] = conf.return_value(['type'])
+ key['type'] = conf.return_value(['type'])
# Append individual public key to list of user keys
user['public_keys'].append(key)
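Review bot: `key['key']`, `key['options']` and `key['type']` are assigned only when the corresponding node exists, while the generate() hunk of this commit indexes `id['options']`, `id['type']` and `id['key']` unconditionally. The initialisation of `key` is outside this hunk, so confirm that it pre-populates all three fields with empty strings; otherwise a key configured without options would raise KeyError during commit. These values are later written verbatim into authorized_keys, so it is also worth confirming, in the CLI schema or here, that none of them can contain a newline, since an embedded line break would add an extra entry to the file.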
@@ -176,6 +178,32 @@ def generate(login):
os.system("vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set system login user '{}' authentication plaintext-password '' >/dev/null".format(user['name']))
os.system("vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set system login user '{}' authentication encrypted-password '{}' >/dev/null".format(user['name'], user['password_encrypted']))
+ uid = getpwnam(user['name']).pw_uid
+ gid = getpwnam(user['name']).pw_gid
+
+ # install ssh keys
+ key_dir = '{}/.ssh'.format(user['home_dir'])
+ if not os.path.isdir(key_dir):
+ os.mkdir(key_dir)
+ os.chown(key_dir, uid, gid)
+ os.chmod(key_dir, S_IRWXU|S_IRGRP|S_IXGRP)
+
+ key_file = key_dir + '/authorized_keys';
+ with open(key_file, 'w') as f:
+ f.write("# Automatically generated by VyOS\n")
+ f.write("# Do not edit, all changes will be lost\n")
+
+ for id in user['public_keys']:
+ line = ''
+ if id['options']:
+ line = '{} '.format(id['options'])
+
+ line += '{} {} {}\n'.format(id['type'], id['key'], id['name'])
+ f.write(line)
+
+ os.chown(key_file, uid, gid)
+ os.chmod(key_file, S_IRUSR|S_IWUSR)
+
pass
def apply(login):
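Review bot: `open(key_file, 'w')`, `os.chown(key_file, uid, gid)` and `os.chmod(key_file, ...)` all resolve a path inside the user's own home directory and all follow symlinks. The script presumably runs with root privileges, since it chowns to another uid, so a link at `~/.ssh/authorized_keys` would redirect the write and the ownership change to whatever the link points at. Open the file with `O_NOFOLLOW` and mode 0600 at creation, then apply `fchown`/`fchmod` to the descriptor instead of the path, as sketched below. An existing `.ssh` that is itself a symlink still passes `os.path.isdir`, so the directory deserves an `os.lstat` check or a `dir_fd`-relative open as well. Smaller points in the same hunk: 0750 on `.ssh` is looser than the conventional 0700, `id` shadows the builtin, `getpwnam` is called twice for one record, and the trailing `;` and `pass` are leftovers.

```python
key_file = key_dir + '/authorized_keys'
# O_NOFOLLOW refuses a symlink at the final path component; passing 0600 at
# creation means the file is never briefly readable under the default umask.
fd = os.open(key_file,
             os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW,
             S_IRUSR | S_IWUSR)
with os.fdopen(fd, 'w') as f:
    # … unchanged: header comments and the per-key line loop …
    # Act on the open descriptor so the path is not resolved a second time.
    os.fchown(f.fileno(), uid, gid)
    os.fchmod(f.fileno(), S_IRUSR | S_IWUSR)
```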