diff options
| -rw-r--r-- | cloudinit/CloudConfig/cc_ssh.py | 14 | ||||
| -rw-r--r-- | doc/examples/cloud-config.txt | 9 |
2 files changed, 19 insertions, 4 deletions
diff --git a/cloudinit/CloudConfig/cc_ssh.py b/cloudinit/CloudConfig/cc_ssh.py index c4603d2b..60eaaa42 100644 --- a/cloudinit/CloudConfig/cc_ssh.py +++ b/cloudinit/CloudConfig/cc_ssh.py @@ -20,6 +20,9 @@ import os import glob import subprocess +DISABLE_ROOT_OPTS="no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command=\"echo \'Please login as the user \\\"$USER\\\" rather than the user \\\"root\\\".\';echo;sleep 10\"" + + def handle(name,cfg,cloud,log,args): # remove the static keys from the pristine image for f in glob.glob("/etc/ssh/ssh_host_*_key*"): @@ -55,13 +58,15 @@ def handle(name,cfg,cloud,log,args): try: user = util.get_cfg_option_str(cfg,'user') disable_root = util.get_cfg_option_bool(cfg, "disable_root", True) + disable_root_opts = util.get_cfg_option_str(cfg, "disable_root_opts", + DISABLE_ROOT_OPTS) keys = cloud.get_public_ssh_keys() if cfg.has_key("ssh_authorized_keys"): cfgkeys = cfg["ssh_authorized_keys"] keys.extend(cfgkeys) - apply_credentials(keys,user,disable_root) + apply_credentials(keys,user,disable_root, disable_root_opts) except: log.warn("applying credentials failed!\n") @@ -70,13 +75,13 @@ def handle(name,cfg,cloud,log,args): def send_ssh_keys_to_console(): subprocess.call(('/usr/lib/cloud-init/write-ssh-key-fingerprints',)) -def apply_credentials(keys, user, disable_root): +def apply_credentials(keys, user, disable_root, disable_root_opts=DISABLE_ROOT_OPTS): keys = set(keys) if user: setup_user_keys(keys, user, '') if disable_root: - key_prefix = 'command="echo \'Please login as the user \\\"%s\\\" rather than the user \\\"root\\\".\';echo;sleep 10" ' % user + key_prefix = disable_root_opts.replace('$USER', user) else: key_prefix = '' @@ -95,7 +100,8 @@ def setup_user_keys(keys, user, key_prefix): authorized_keys = '%s/.ssh/authorized_keys' % pwent.pw_dir fp = open(authorized_keys, 'a') - fp.write(''.join(['%s%s\n' % (key_prefix, key) for key in keys])) + key_prefix = key_prefix.replace("\n"," ") + fp.write(''.join(['%s %s\n' % (key_prefix.strip(), key) for key in keys])) fp.close() os.chown(authorized_keys, pwent.pw_uid, pwent.pw_gid) diff --git a/doc/examples/cloud-config.txt b/doc/examples/cloud-config.txt index e1ccf9f5..b72cab48 100644 --- a/doc/examples/cloud-config.txt +++ b/doc/examples/cloud-config.txt @@ -271,6 +271,15 @@ byobu_by_default: system # default: true disable_root: false +# disable_root_opts: the value of this variable will prefix the +# respective key in /root/.ssh/authorized_keys if disable_root is true +# see 'man authorized_keys' for more information on what you can do here +# +# The string '$USER' will be replaced with the username of the default user +# +# disable_root_opts: no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"$USER\" rather than the user \"root\".';echo;sleep 10" + + # set the locale to a given locale # default: en_US.UTF-8 locale: en_US.UTF-8 |