From 4b4bbd73b84c2c478c7752f58e7f66ec6d90459e Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Tue, 20 May 2025 19:57:24 +0200 Subject: ssh: T6013: rename trusted-user-ca-key -> truster-user-ca The current implementation for SSH CA based authentication uses "set service ssh trusted-user-ca-key ca-certificate " to define an X.509 certificate from "set pki ca ..." - fun fact, native OpenSSH does not support X.509 certificates and only runs with OpenSSH ssh-keygen generated RSA or EC keys. This commit changes the bahavior to support antive certificates generated using ssh-keygen and loaded to our PKI tree. As the previous implementation did not work at all, no migrations cript is used. --- smoketest/scripts/cli/base_vyostest_shim.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'smoketest/scripts/cli/base_vyostest_shim.py') diff --git a/smoketest/scripts/cli/base_vyostest_shim.py b/smoketest/scripts/cli/base_vyostest_shim.py index f0674f187..9b64d5c0e 100644 --- a/smoketest/scripts/cli/base_vyostest_shim.py +++ b/smoketest/scripts/cli/base_vyostest_shim.py @@ -152,12 +152,14 @@ class VyOSUnitTestSHIM: return out @staticmethod - def ssh_send_cmd(command, username, password, hostname='localhost'): + def ssh_send_cmd(command, username, password, key_filename=None, + hostname='localhost'): """ SSH command execution helper """ # Try to login via SSH ssh_client = paramiko.SSHClient() ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) - ssh_client.connect(hostname=hostname, username=username, password=password) + ssh_client.connect(hostname=hostname, username=username, + password=password, key_filename=key_filename) _, stdout, stderr = ssh_client.exec_command(command) output = stdout.read().decode().strip() error = stderr.read().decode().strip() -- cgit v1.2.3