summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-01-30 21:05:07 +0100
committerChristian Poessinger <christian@poessinger.com>2020-02-02 16:02:20 +0100
commita717e1c802d958137cdc70adf44d614323438dce (patch)
tree5e839f90aad76ed38de6c274fec7effe37d96cc3 /src
parent029cefc84a30fa9f34af58bfdc1dadaaf5a220db (diff)
downloadvyos-1x-a717e1c802d958137cdc70adf44d614323438dce.tar.gz
vyos-1x-a717e1c802d958137cdc70adf44d614323438dce.zip
login: T1948: support for SSH keys
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/system-login.py34
1 files changed, 31 insertions, 3 deletions
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
index 9a2de54eb..8aa3991fd 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system-login.py
@@ -18,6 +18,8 @@ import sys
import os
from pwd import getpwall, getpwnam
+from grp import getgrnam
+from stat import S_IRUSR, S_IWUSR, S_IRWXU, S_IRGRP, S_IXGRP
from subprocess import Popen, PIPE, STDOUT
from vyos.config import Config
@@ -131,15 +133,15 @@ def get_config():
# Public Key portion
if conf.exists(['key']):
- user['key'] = conf.return_value(['key'])
+ key['key'] = conf.return_value(['key'])
# Options for individual public key
if conf.exists(['options']):
- user['options'] = conf.return_value(['options'])
+ key['options'] = conf.return_value(['options'])
# Type of public key
if conf.exists(['type']):
- user['type'] = conf.return_value(['type'])
+ key['type'] = conf.return_value(['type'])
# Append individual public key to list of user keys
user['public_keys'].append(key)
@@ -176,6 +178,32 @@ def generate(login):
os.system("vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set system login user '{}' authentication plaintext-password '' >/dev/null".format(user['name']))
os.system("vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set system login user '{}' authentication encrypted-password '{}' >/dev/null".format(user['name'], user['password_encrypted']))
+ uid = getpwnam(user['name']).pw_uid
+ gid = getpwnam(user['name']).pw_gid
+
+ # install ssh keys
+ key_dir = '{}/.ssh'.format(user['home_dir'])
+ if not os.path.isdir(key_dir):
+ os.mkdir(key_dir)
+ os.chown(key_dir, uid, gid)
+ os.chmod(key_dir, S_IRWXU|S_IRGRP|S_IXGRP)
+
+ key_file = key_dir + '/authorized_keys';
+ with open(key_file, 'w') as f:
+ f.write("# Automatically generated by VyOS\n")
+ f.write("# Do not edit, all changes will be lost\n")
+
+ for id in user['public_keys']:
+ line = ''
+ if id['options']:
+ line = '{} '.format(id['options'])
+
+ line += '{} {} {}\n'.format(id['type'], id['key'], id['name'])
+ f.write(line)
+
+ os.chown(key_file, uid, gid)
+ os.chmod(key_file, S_IRUSR|S_IWUSR)
+
pass
def apply(login):