1 files changed, 96 insertions, 0 deletions
diff --git a/cloudinit/config/cc_ssh_authkey_fingerprints.py b/cloudinit/config/cc_ssh_authkey_fingerprints.py
new file mode 100644
index 00000000..23f5755a
--- /dev/null
+++ b/cloudinit/config/cc_ssh_authkey_fingerprints.py
@@ -0,0 +1,96 @@
+# vi: ts=4 expandtab
+#
+#    Copyright (C) 2012 Yahoo! Inc.
+#
+#    Author: Joshua Harlow <harlowja@yahoo-inc.com>
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License version 3, as
+#    published by the Free Software Foundation.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import base64
+import hashlib
+
+from prettytable import PrettyTable
+
+from cloudinit import ssh_util
+from cloudinit import util
+
+
+def _split_hash(bin_hash):
+    split_up = []
+    for i in xrange(0, len(bin_hash), 2):
+        split_up.append(bin_hash[i:i + 2])
+    return split_up
+
+
+def _gen_fingerprint(b64_text, hash_meth='md5'):
+    if not b64_text:
+        return ''
+    # TBD(harlowja): Maybe we should feed this into 'ssh -lf'?
+    try:
+        hasher = hashlib.new(hash_meth)
+        hasher.update(base64.b64decode(b64_text))
+        return ":".join(_split_hash(hasher.hexdigest()))
+    except TypeError:
+        # Raised when b64 not really b64...
+        return '?'
+
+
+def _is_printable_key(entry):
+    if any([entry.keytype, entry.base64, entry.comment, entry.options]):
+        if (entry.keytype and
+            entry.keytype.lower().strip() in ['ssh-dss', 'ssh-rsa']):
+            return True
+    return False
+
+
+def _pprint_key_entries(user, key_fn, key_entries, hash_meth='md5',
+                        prefix='ci-info: '):
+    if not key_entries:
+        message = ("%sno authorized ssh keys fingerprints found for user %s."
+                   % (prefix, user))
+        util.multi_log(message)
+        return
+    tbl_fields = ['Keytype', 'Fingerprint (%s)' % (hash_meth), 'Options',
+                  'Comment']
+    tbl = PrettyTable(tbl_fields)
+    for entry in key_entries:
+        if _is_printable_key(entry):
+            row = []
+            row.append(entry.keytype or '-')
+            row.append(_gen_fingerprint(entry.base64, hash_meth) or '-')
+            row.append(entry.options or '-')
+            row.append(entry.comment or '-')
+            tbl.add_row(row)
+    authtbl_s = tbl.get_string()
+    authtbl_lines = authtbl_s.splitlines()
+    max_len = len(max(authtbl_lines, key=len))
+    lines = [
+        util.center("Authorized keys from %s for user %s" %
+                    (key_fn, user), "+", max_len),
+    ]
+    lines.extend(authtbl_lines)
+    for line in lines:
+        util.multi_log(text="%s%s\n" % (prefix, line),
+                       stderr=False, console=True)
+
+
+def handle(name, cfg, cloud, log, _args):
+    if 'no_ssh_fingerprints' in cfg:
+        log.debug(("Skipping module named %s, "
+                   "logging of ssh fingerprints disabled"), name)
+
+    user_name = util.get_cfg_option_str(cfg, "user", "ubuntu")
+    hash_meth = util.get_cfg_option_str(cfg, "authkey_hash", "md5")
+    extract = ssh_util.extract_authorized_keys
+    (auth_key_fn, auth_key_entries) = extract(user_name, cloud.paths)
+    _pprint_key_entries(user_name, auth_key_fn, auth_key_entries, hash_meth)