defect 4231
parent
946664e1a1
commit
22d0dd5eb7
@ -4,7 +4,7 @@
|
||||
# This script adds xCAT specific setup to the /etc/ssh/sshd_config and ssh_config file
|
||||
# It calls getcredentials.awk to get from the xcatmaster ssh host keys from the
|
||||
# /etc/xcat/hostkeys directory and puts in /etc/ssh on the node the following keys
|
||||
# ssh_host_dsa_key,ssh_host_rsa_key
|
||||
# ssh_host_dsa_key,ssh_host_rsa_key, ssh_host_ecdsa_key (if supported)
|
||||
# It calls getcredentials.awk to get from the xcatmaster root ssh keys from the
|
||||
# ~/.ssh directory on the xcatmaster and put in ~/.ssh on the node the following keys:
|
||||
# If site.enablesshbetweennodes is yes
|
||||
@ -53,8 +53,7 @@ then
|
||||
echo "KeyRegenerationInterval 0" >>/etc/ssh/sshd_config
|
||||
sed -i '/MaxStartups /'d /etc/ssh/sshd_config
|
||||
echo "MaxStartups 1024" >>/etc/ssh/sshd_config
|
||||
sed -i 's/^\s*\(PermitRootLogin\s*\).*/\1yes/' /etc/ssh/sshd_config
|
||||
|
||||
|
||||
if [ "$SETUPFORPCM" = "1" ];then
|
||||
sed -i '/PasswordAuthentication /'d /etc/ssh/sshd_config
|
||||
echo "PasswordAuthentication yes" >>/etc/ssh/sshd_config
|
||||
@ -88,6 +87,7 @@ allowcred.awk &
|
||||
CREDPID=$!
|
||||
sleep 1
|
||||
|
||||
#download the ssh host dsa private keys
|
||||
if [ $useflowcontrol = "1" ]; then
|
||||
#first contact daemon xcatflowrequest <server> 3001
|
||||
logger -t xCAT -p local4.info "remoteshell: sending xcatflowrequest $master 3001"
|
||||
@ -154,6 +154,7 @@ else
|
||||
fi
|
||||
rm /tmp/ssh_dsa_hostkey
|
||||
|
||||
# download the host rsa key
|
||||
if [ $useflowcontrol = "1" ]; then
|
||||
#first contact daemon xcatflowrequest <server> 3001
|
||||
logger -t xCAT -p local4.info "remoteshell: sending xcatflowrequest $master 3001"
|
||||
@ -165,6 +166,7 @@ if [ $useflowcontrol = "1" ]; then
|
||||
useflowcontrol=0
|
||||
fi
|
||||
fi
|
||||
|
||||
getcredentials.awk ssh_rsa_hostkey | grep -E -v '</{0,1}xcatresponse>|</{0,1}serverdone>' | sed -e 's/</</' -e 's/>/>/' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /tmp/ssh_rsa_hostkey
|
||||
|
||||
#check whether the message is an error or not
|
||||
@ -218,6 +220,75 @@ else
|
||||
fi
|
||||
rm /tmp/ssh_rsa_hostkey
|
||||
|
||||
# if there is a ecdsa host key on the node then download the replacement from the MN/SN
|
||||
if [ -f ssh_host_ecdsa_key ]; then
|
||||
# download the host ecdsa key
|
||||
if [ $useflowcontrol = "1" ]; then
|
||||
#first contact daemon xcatflowrequest <server> 3001
|
||||
logger -t xCAT -p local4.info "remoteshell: sending xcatflowrequest $master 3001"
|
||||
/$xcatpost/xcatflowrequest $master 3001
|
||||
rc=$?
|
||||
logger -t xCAT -p local4.info "remoteshell:xcatflowrequest return=$rc"
|
||||
if [ $rc -ne 0 ]; then
|
||||
logger -t xCAT -p local4.info "remoteshell: error from xcatflowrequest, will not use flow control"
|
||||
useflowcontrol=0
|
||||
fi
|
||||
fi
|
||||
|
||||
getcredentials.awk ssh_ecdsa_hostkey | grep -E -v '</{0,1}xcatresponse>|</{0,1}serverdone>' | sed -e 's/</</' -e 's/>/>/' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /tmp/ssh_ecdsa_hostkey
|
||||
|
||||
#check whether the message is an error or not
|
||||
grep -E '<error>' /tmp/ssh_ecdsa_hostkey
|
||||
if [ $? -ne 0 ]; then
|
||||
#the message received is the data we request
|
||||
cat /tmp/ssh_ecdsa_hostkey | grep -E -v '</{0,1}errorcode>|/{0,1}data>|</{0,1}content>|</{0,1}desc>' >/etc/ssh/ssh_host_ecdsa_key
|
||||
logger -t xCAT -p local4.info ssh_ecdsa_hostkey
|
||||
MYCONT=`cat /etc/ssh/ssh_host_ecdsa_key`
|
||||
MAX_RETRIES=10
|
||||
RETRY=0
|
||||
while [ -z "$MYCONT" ]; do
|
||||
# not using flow control , need to sleep
|
||||
if [ $useflowcontrol = "0" ]; then
|
||||
let SLI=$RANDOM%10
|
||||
let SLI=SLI+10
|
||||
sleep $SLI
|
||||
fi
|
||||
RETRY=$(($RETRY+1))
|
||||
if [ $RETRY -eq $MAX_RETRIES ]
|
||||
then
|
||||
break
|
||||
fi
|
||||
if [ $useflowcontrol = "1" ]; then
|
||||
#first contact daemon xcatflowrequest <server> 3001
|
||||
logger -t xCAT -p local4.info "remoteshell: sending xcatflowrequest $master 3001"
|
||||
/$xcatpost/xcatflowrequest $master 3001
|
||||
rc=$?
|
||||
logger -t xCAT -p local4.info "remoteshell:xcatflowrequest return=$rc"
|
||||
if [ $rc -ne 0 ]; then
|
||||
logger -t xCAT -p local4.info "remoteshell: error from xcatflowrequest, will not use flow control"
|
||||
useflowcontrol=0
|
||||
fi
|
||||
fi
|
||||
|
||||
getcredentials.awk ssh_ecdsa_hostkey | grep -v '<'|sed -e 's/</</' -e 's/>/>/' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /etc/ssh/ssh_host_ecdsa_key
|
||||
MYCONT=`cat /etc/ssh/ssh_host_ecdsa_key`
|
||||
done
|
||||
chmod 600 /etc/ssh/ssh_host_ecdsa_key
|
||||
if ! grep "PRIVATE KEY" /etc/ssh/ssh_host_ecdsa_key > /dev/null 2>&1 ; then
|
||||
rm /etc/ssh/ssh_host_ecdsa_key
|
||||
else
|
||||
ssh-keygen -y -f /etc/ssh/ssh_host_ecdsa_key > /etc/ssh/ssh_host_ecdsa_key.pub
|
||||
chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub
|
||||
chown root /etc/ssh/ssh_host_ecdsa_key.pub
|
||||
fi
|
||||
else
|
||||
#This is an error message
|
||||
ERR_MSG=`sed -n 's%.*<error>\(.*\)</error>.*%\1%p' /tmp/ssh_ecdsa_hostkey`
|
||||
logger -t xCAT -p local4.err Error: $ERR_MSG
|
||||
fi
|
||||
rm /tmp/ssh_ecdsa_hostkey
|
||||
fi
|
||||
|
||||
if [[ $NTYPE = service ]]; then
|
||||
mkdir -p /etc/xcat/hostkeys
|
||||
cp /etc/ssh/ssh* /etc/xcat/hostkeys/.
|
||||
|
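Review bot: The new ECDSA block stages the host private key at the fixed path `/tmp/ssh_ecdsa_hostkey`, created by a plain `>` redirect with whatever umask the script inherited. On a node with local users the key can therefore be readable by others until the `rm`, and a file or symlink already present at that name is written through. Creating the staging file with `tmpkey=$(mktemp /tmp/ssh_ecdsa_hostkey.XXXXXX)` and using `"$tmpkey"` for the redirect, the `grep`/`sed` reads and the final `rm` gives an unpredictable, owner-only file. The dsa and rsa sections visible in the context lines (`rm /tmp/ssh_dsa_hostkey`, `rm /tmp/ssh_rsa_hostkey`) use the same fixed-name pattern and would want the same change. Separately, `if [ -f ssh_host_ecdsa_key ]` tests a path relative to the current directory; unless the script has already changed into /etc/ssh (not visible in these hunks), `if [ -f /etc/ssh/ssh_host_ecdsa_key ]` is what the comment above it describes.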