diff options
author | Scott Moser <smoser@ubuntu.com> | 2012-08-20 21:32:18 -0400 |
---|---|---|
committer | Scott Moser <smoser@ubuntu.com> | 2012-08-20 21:32:18 -0400 |
commit | abf3d804fab340aa18b1b5983f9dc69234d37cf1 (patch) | |
tree | 0ae654907d029c7440069ca993713783aa0efcb1 /cloudinit | |
parent | 989252019b14c7147367ffddaa990b371438fa7c (diff) | |
parent | d308ee4363d7b9601f73dbd9166594c16f9e9601 (diff) | |
download | vyos-cloud-init-abf3d804fab340aa18b1b5983f9dc69234d37cf1.tar.gz vyos-cloud-init-abf3d804fab340aa18b1b5983f9dc69234d37cf1.zip |
authkey_fingerprints: Fix columns headers, do not print empty lines
This fixes the column headers and and adds a check to make sure that a key
given is one that we actually want to print out. Also add in a config
option which lets people select a different hashing method (not md5 if
they want).
Diffstat (limited to 'cloudinit')
-rw-r--r-- | cloudinit/config/cc_ssh_authkey_fingerprints.py | 59 |
1 files changed, 34 insertions, 25 deletions
diff --git a/cloudinit/config/cc_ssh_authkey_fingerprints.py b/cloudinit/config/cc_ssh_authkey_fingerprints.py index 35a68709..087cc15e 100644 --- a/cloudinit/config/cc_ssh_authkey_fingerprints.py +++ b/cloudinit/config/cc_ssh_authkey_fingerprints.py @@ -24,54 +24,63 @@ from prettytable import PrettyTable from cloudinit import ssh_util from cloudinit import util -FP_HASH_TYPE = 'md5' -FP_SEGMENT_LEN = 2 -FP_SEGMENT_SEP = ":" - def _split_hash(bin_hash): split_up = [] +<<<<<<< TREE for i in xrange(0, len(bin_hash), FP_SEGMENT_LEN): split_up.append(bin_hash[i:i + FP_SEGMENT_LEN]) +======= + for i in xrange(0, len(bin_hash), 2): + split_up.append(bin_hash[i:i+2]) +>>>>>>> MERGE-SOURCE return split_up -def _gen_fingerprint(b64_text): +def _gen_fingerprint(b64_text, hash_meth='md5'): if not b64_text: return '' - # Maybe we should feed this into 'ssh -lf'? + # TBD(harlowja): Maybe we should feed this into 'ssh -lf'? try: - bin_text = base64.b64decode(b64_text) - hasher = hashlib.new(FP_HASH_TYPE) - hasher.update(bin_text) - pp_hash = FP_SEGMENT_SEP.join(_split_hash(hasher.hexdigest())) - return pp_hash + hasher = hashlib.new(hash_meth) + hasher.update(base64.b64decode(b64_text)) + return ":".join(_split_hash(hasher.hexdigest())) except TypeError: - return '' + # Raised when b64 not really b64... + return '?' + + +def _is_printable_key(entry): + if any([entry.keytype, entry.base64, entry.comment, entry.options]): + if entry.keytype and entry.keytype.lower().strip() in ['ssh-dss', 'ssh-rsa']: + return True + return False -def _pprint_key_entries(user, key_fn, key_entries, prefix='ci-info: '): +def _pprint_key_entries(user, key_fn, key_entries, hash_meth='md5', prefix='ci-info: '): if not key_entries: message = ("%sno authorized ssh keys fingerprints found for user %s." % (prefix, user)) util.multi_log(message) return - tbl_fields = ['Keytype', 'Fingerprint', 'Options', 'Comment'] + tbl_fields = ['Keytype', 'Fingerprint (%s)' % (hash_meth), 'Options', 'Comment'] tbl = PrettyTable(tbl_fields) for entry in key_entries: - row = [] - row.append(entry.keytype or '-') - row.append(_gen_fingerprint(entry.base64) or '-') - row.append(entry.comment or '-') - row.append(entry.options or '-') - tbl.add_row(row) + if _is_printable_key(entry): + row = [] + row.append(entry.keytype or '-') + row.append(_gen_fingerprint(entry.base64, hash_meth) or '-') + row.append(entry.options or '-') + row.append(entry.comment or '-') + tbl.add_row(row) authtbl_s = tbl.get_string() - max_len = len(max(authtbl_s.splitlines(), key=len)) + authtbl_lines = authtbl_s.splitlines() + max_len = len(max(authtbl_lines, key=len)) lines = [ util.center("Authorized keys fingerprints from %s for user %s" % (key_fn, user), "+", max_len), ] - lines.extend(authtbl_s.splitlines()) + lines.extend(authtbl_lines) for line in lines: util.multi_log(text="%s%s\n" % (prefix, line)) @@ -81,7 +90,7 @@ def handle(name, cfg, cloud, log, _args): log.debug(("Skipping module named %s, " "logging of ssh fingerprints disabled"), name) - user = util.get_cfg_option_str(cfg, "user", "ubuntu") + user_name = util.get_cfg_option_str(cfg, "user", "ubuntu") extract = ssh_util.extract_authorized_keys - (auth_key_fn, auth_key_entries) = extract(user, cloud.paths) - _pprint_key_entries(user, auth_key_fn, auth_key_entries) + (auth_key_fn, auth_key_entries) = extract(user_name, cloud.paths) + _pprint_key_entries(user_name, auth_key_fn, auth_key_entries, hash_meth) |