Fix SSH key generation
parent
313587125f
commit
f3b8d56e59
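--- a/cloud-init-0.6.2-sshkeytypes.patch
+++ b/cloud-init-0.6.2-sshkeytypes.patch
@@ -0,0 +1,45 @@
+Index: cloud-init/cloudinit/CloudConfig/cc_ssh.py
+===================================================================
+--- cloud-init.orig/cloudinit/CloudConfig/cc_ssh.py
++++ cloud-init/cloudinit/CloudConfig/cc_ssh.py
+@@ -61,10 +61,10 @@ def handle(name,cfg,cloud,log,args):
+log.debug("generated %s from %s" % pair)
+else:
+# if not, generate them
+- genkeys ='ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ""; '
+- genkeys+='ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ""; '
+- genkeys+='ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -t ecdsa -N ""; '
+- subprocess.call(('sh', '-c', "{ %s } </dev/null" % (genkeys)))
++ for keytype in util.get_cfg_option_list_or_str(cfg, 'ssh_genkeytypes',
++ ['rsa', 'dsa', 'ecdsa']):
++ subprocess.call(['ssh-keygen', '-t', keytype, '-N', '',
++ '-f', '/etc/ssh/ssh_host_%s_key' % keytype])
+
+try:
+user = util.get_cfg_option_str(cfg,'user')
+Index: cloud-init/cloudinit/util.py
+===================================================================
+--- cloud-init.orig/cloudinit/util.py
++++ cloud-init/cloudinit/util.py
+@@ -77,6 +77,7 @@ def get_cfg_option_str(yobj, key, defaul
+
+def get_cfg_option_list_or_str(yobj, key, default=None):
+if not yobj.has_key(key): return default
++ if yobj[key] is None: return []
+if isinstance(yobj[key],list): return yobj[key]
+return([yobj[key]])
+
+Index: cloud-init/tools/write-ssh-key-fingerprints
+===================================================================
+--- cloud-init.orig/tools/write-ssh-key-fingerprints
++++ cloud-init/tools/write-ssh-key-fingerprints
+@@ -3,8 +3,7 @@
+echo
+echo "#############################################################"
+echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----"
+-ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
+-ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
++echo /etc/ssh/ssh_host_*key.pub | xargs -n 1 ssh-keygen -l -f
+echo "-----END SSH HOST KEY FINGERPRINTS-----"
+echo "#############################################################"
+} | logger -p user.info -s -t "ec2"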
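Review bot: The new loop in the cc_ssh.py hunk drops the `</dev/null` redirect that the removed shell command had, so `ssh-keygen` now inherits cloud-init's stdin and can sit on its overwrite prompt during boot if a key file already exists. The return value of `subprocess.call` is also discarded, so a key type the installed OpenSSH rejects fails without a log entry and the host may come up with fewer host keys than configured. Because `keytype` is taken from the `ssh_genkeytypes` config value and formatted into the `-f` path, it should be checked before use; a plain alphanumeric test keeps the list configurable while ruling out path separators. handle() starts and ends outside the hunk, so the sketch below covers only the generation branch.

```python
else:
    # if not, generate them
    devnull = open('/dev/null')
    try:
        for keytype in util.get_cfg_option_list_or_str(cfg, 'ssh_genkeytypes',
                                                       ['rsa', 'dsa', 'ecdsa']):
            # the value ends up inside a path under /etc/ssh, so keep it to a bare word
            if not isinstance(keytype, basestring) or not keytype.isalnum():
                log.warning("ignoring invalid ssh_genkeytypes entry: %r" % (keytype,))
                continue
            rc = subprocess.call(['ssh-keygen', '-t', keytype, '-N', '',
                                  '-f', '/etc/ssh/ssh_host_%s_key' % keytype],
                                 stdin=devnull)
            if rc != 0:
                log.warning("ssh-keygen -t %s exited with status %d" % (keytype, rc))
    finally:
        devnull.close()
# … unchanged: try block that looks up the configured user …
```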
@ -4,6 +4,7 @@ ssh_pwauth: 0
|
|||||||
|
|
||||||
cc_ready_cmd: ['/bin/true']
|
cc_ready_cmd: ['/bin/true']
|
||||||
mount_default_fields: [~, ~, 'auto', 'defaults,nofail', '0', '2']
|
mount_default_fields: [~, ~, 'auto', 'defaults,nofail', '0', '2']
|
||||||
|
ssh_genkeytypes: ~
|
||||||
syslog_fix_perms: ~
|
syslog_fix_perms: ~
|
||||||
locale_configfile: /etc/sysconfig/i18n
|
locale_configfile: /etc/sysconfig/i18n
|
||||||
|
|
||||||
|
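Review bot: `ssh_genkeytypes: ~` is added without a comment, yet together with the `if yobj[key] is None: return []` line this commit adds to util.py it switches off host-key generation by cloud-init entirely, which is easy to misread as "use the defaults". I would put a comment above the key, for example `# ~ (null): cloud-init generates no SSH host keys; they must be created elsewhere (presumably by the sshd init script)`. If no key exists yet when tools/write-ssh-key-fingerprints runs, the unmatched `ssh_host_*key.pub` glob is handed to `ssh-keygen -l` as a literal string, so the ordering of the two steps deserves a check.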
@ -31,6 +31,8 @@ Patch5: cloud-init-0.6.2-tzsysconfig.patch
|
|||||||
Patch6: cloud-init-0.6.2-puppetcontext.patch
|
Patch6: cloud-init-0.6.2-puppetcontext.patch
|
||||||
# Make enabling the puppet service work on Fedora (not yet upstream)
|
# Make enabling the puppet service work on Fedora (not yet upstream)
|
||||||
Patch7: cloud-init-0.6.2-puppetenable.patch
|
Patch7: cloud-init-0.6.2-puppetenable.patch
|
||||||
|
# Make the types of SSH keys to generate configurable (not yet upstream)
|
||||||
|
Patch8: cloud-init-0.6.2-sshkeytypes.patch
|
||||||
|
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
@ -69,6 +71,7 @@ ssh keys and to let the user run various scripts.
|
|||||||
%patch5 -p1
|
%patch5 -p1
|
||||||
%patch6 -p1
|
%patch6 -p1
|
||||||
%patch7 -p1
|
%patch7 -p1
|
||||||
|
%patch8 -p1
|
||||||
|
|
||||||
cp -p %{SOURCE2} README.fedora
|
cp -p %{SOURCE2} README.fedora
|
||||||
|
|
||||||
@ -154,6 +157,7 @@ fi
|
|||||||
%changelog
|
%changelog
|
||||||
* Fri Sep 23 2011 Garrett Holmstrom <gholms@fedoraproject.org> - 0.6.2-0.3.bzr450
|
* Fri Sep 23 2011 Garrett Holmstrom <gholms@fedoraproject.org> - 0.6.2-0.3.bzr450
|
||||||
- Fixed logfile permission checking
|
- Fixed logfile permission checking
|
||||||
|
- Fixed SSH key generation
|
||||||
|
|
||||||
* Fri Sep 23 2011 Garrett Holmstrom <gholms@fedoraproject.org> - 0.6.2-0.2.bzr450
|
* Fri Sep 23 2011 Garrett Holmstrom <gholms@fedoraproject.org> - 0.6.2-0.2.bzr450
|
||||||
- Updated tzsysconfig patch
|
- Updated tzsysconfig patch
|
||||||
|