From 7fc73a8d5585794ebf3a4b1a5a9e966a74f95607 Mon Sep 17 00:00:00 2001
From: Scott Moser
Date: Mon, 31 Oct 2011 10:56:06 -0400
Subject: make ssh host key deletion configurable

Garret's patch cloud-init-0.6.2-sshsvc.patch did 2 separate things. This hunk makes deletion of keys configurable, and then makes generation of the keys only done if the key does not exist. TODO: document ssh_genkeytypes. taken from git://pkgs.fedoraproject.org/cloud-init.git commit 87f33190f43d2b26cced4597e7298835024466c2 Author: Garrett Holmstrom Patch11: cloud-init-0.6.2-sshsvc.patch

---
 cloudinit/CloudConfig/cc_ssh.py | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/cloudinit/CloudConfig/cc_ssh.py b/cloudinit/CloudConfig/cc_ssh.py
index 296b18f2..9f5dc567 100644
--- a/cloudinit/CloudConfig/cc_ssh.py
+++ b/cloudinit/CloudConfig/cc_ssh.py
@@ -31,9 +31,10 @@ def handle(name,cfg,cloud,log,args):
 global_log = log
 # remove the static keys from the pristine image
- for f in glob.glob("/etc/ssh/ssh_host_*key*"):
- try: os.unlink(f)
- except: pass
+ if cfg.get("ssh_deletekeys", True):
+ for f in glob.glob("/etc/ssh/ssh_host_*key*"):
+ try: os.unlink(f)
+ except: pass
 if cfg.has_key("ssh_keys"):
 # if there are keys in cloud-config, use them
@@ -63,8 +64,10 @@ def handle(name,cfg,cloud,log,args):
 # if not, generate them
 for keytype in util.get_cfg_option_list_or_str(cfg, 'ssh_genkeytypes', ['rsa', 'dsa', 'ecdsa']):
- subprocess.call(['ssh-keygen', '-t', keytype, '-N', '', '-f', '/etc/ssh/ssh_host_%s_key' % keytype])
+ keyfile = '/etc/ssh/ssh_host_%s_key' % keytype
+ if not os.path.exists(keyfile):
+ subprocess.call(['ssh-keygen', '-t', keytype, '-N', '', '-f', keyfile])
 util.restorecon_if_possible('/etc/ssh', recursive=True)
--
cgit v1.2.3
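Review bot: The `try: os.unlink(f)` / `except: pass` that the first hunk re-indents under the new `ssh_deletekeys` branch now interacts with the second hunk: if unlinking an image-shipped host key fails, the error is swallowed, the file survives, and the new `os.path.exists(keyfile)` check then skips regeneration, so the instance silently keeps the pristine image's host key. Narrowing the handler and reporting through the `log` argument that handle() already receives makes that condition visible, e.g. `except OSError as e:` followed by `log.warn("failed to remove %s: %s" % (f, e))`. The bare `except:` additionally catches KeyboardInterrupt and SystemExit, which is unlikely to be intended here. handle() begins and ends outside this hunk.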
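Review bot: The new `os.path.exists(keyfile)` guard in the second hunk is what gives `ssh_deletekeys: false` its effect, and that trade-off deserves a comment above the check, because with deletion disabled any host key baked into the image is kept and every instance launched from that image then presents the same host key. Suggested comment: `# skip generation when a key is already present; with ssh_deletekeys disabled this keeps whatever key the image shipped`. The commit message's TODO about documenting `ssh_genkeytypes` would be a natural place to also document `ssh_deletekeys` and this behaviour. The check looks only at the private key path, so a key whose `.pub` counterpart is missing is not regenerated either; whether that matters for this module is not visible in the hunk. handle() continues outside this hunk.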