remove id_dsa generation and creation of authorized_keys2 when running xdsh -K

git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@5038 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
lissav 2010-01-25 18:51:12 +00:00
parent 6b952eb316
commit 83760ebf5d


@ -1330,7 +1330,8 @@ sub setupSSH
}
}
# comment out authorized_keys2 setup
# build the shell copy script, needed Perl not always there
# for root and non-root ids
open(FILE, ">$home/.ssh/copy.sh")
@ -1341,9 +1342,9 @@ home=`egrep \"^$to_userid:\" /etc/passwd | cut -f6 -d :`
dest_dir=\"\$home/.ssh\"
mkdir -p \$dest_dir
cat /tmp/$to_userid/.ssh/authorized_keys >> \$home/.ssh/authorized_keys 2>&1
cat /tmp/$to_userid/.ssh/authorized_keys2 >> \$home/.ssh/authorized_keys2 2>&1
#cat /tmp/$to_userid/.ssh/authorized_keys2 >> \$home/.ssh/authorized_keys2 2>&1
cp /tmp/$to_userid/.ssh/id_rsa \$home/.ssh/id_rsa 2>&1
cp /tmp/$to_userid/.ssh/id_dsa \$home/.ssh/id_dsa 2>&1
#cp /tmp/$to_userid/.ssh/id_dsa \$home/.ssh/id_dsa 2>&1
chmod 0600 \$home/.ssh/id_* 2>&1
rm -f /tmp/$to_userid/.ssh/* 2>&1
rmdir \"/tmp/$to_userid/.ssh\"
@ -1374,19 +1375,20 @@ rmdir \"/tmp/$to_userid\"";
}
$auth_key=1;
}
if (-e("$home/.ssh/authorized_keys2")) {
my $cmd="mv $home/.ssh/authorized_keys2 $home/.ssh/authorized_keys2.xcatbackup";
xCAT::Utils->runcmd($cmd, 0);
my $rsp = {};
if ($::RUNCMD_RC != 0)
{
$rsp->{data}->[0] = "$cmd failed.\n";
xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
return (1);
# comment out authorized_keys2 setup
#if (-e("$home/.ssh/authorized_keys2")) {
#my $cmd="mv $home/.ssh/authorized_keys2 $home/.ssh/authorized_keys2.xcatbackup";
#xCAT::Utils->runcmd($cmd, 0);
#my $rsp = {};
#if ($::RUNCMD_RC != 0)
#{
# $rsp->{data}->[0] = "$cmd failed.\n";
# xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
# return (1);
}
$auth_key2=1;
}
#}
#$auth_key2=1;
#}
if ($from_userid eq "root")
{
@ -1434,7 +1436,7 @@ rmdir \"/tmp/$to_userid\"";
}
# if on the MN
# remove the created authorized_keys* and restore if a backed up
# remove the created authorized_keys and restore if a backed up
# version of authorized_keys* was created because the file
# existed when the command was run
if (xCAT::Utils->isMN())
@ -1469,38 +1471,39 @@ rmdir \"/tmp/$to_userid\"";
}
}
if ($auth_key2 == 1) { # need to restore
my $cmd=
"cp $home/.ssh/authorized_keys2.xcatbackup $home/.ssh/authorized_keys2";
xCAT::Utils->runcmd($cmd, 0);
my $rsp = {};
if ($::RUNCMD_RC != 0)
{
$rsp->{data}->[0] = "$cmd failed.\n";
xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
return (1);
# comment out authorized_keys2 setup
#if ($auth_key2 == 1) { # need to restore
# my $cmd=
# "cp $home/.ssh/authorized_keys2.xcatbackup $home/.ssh/authorized_keys2";
#xCAT::Utils->runcmd($cmd, 0);
#my $rsp = {};
#if ($::RUNCMD_RC != 0)
#{
# $rsp->{data}->[0] = "$cmd failed.\n";
# xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
# return (1);
# }
# $cmd = "rm $home/.ssh/authorized_keys2.xcatbackup";
# xCAT::Utils->runcmd($cmd, 0);
# my $rsp = {};
# if ($::RUNCMD_RC != 0)
# {
# $rsp->{data}->[0] = "$cmd failed.\n";
# xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
# }
}
$cmd = "rm $home/.ssh/authorized_keys2.xcatbackup";
xCAT::Utils->runcmd($cmd, 0);
my $rsp = {};
if ($::RUNCMD_RC != 0)
{
$rsp->{data}->[0] = "$cmd failed.\n";
xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
}
#} else { # just delete it
# $cmd = "rm $home/.ssh/authorized_keys2";
# xCAT::Utils->runcmd($cmd, 0);
# my $rsp = {};
# if ($::RUNCMD_RC != 0)
# {
# $rsp->{data}->[0] = "$cmd failed.\n";
# xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
} else { # just delete it
$cmd = "rm $home/.ssh/authorized_keys2";
xCAT::Utils->runcmd($cmd, 0);
my $rsp = {};
if ($::RUNCMD_RC != 0)
{
$rsp->{data}->[0] = "$cmd failed.\n";
xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
}
}
# }
#}
}
# must always check to see if worked, run test
@ -1571,18 +1574,20 @@ sub cpSSHFiles
}
my $home = xCAT::Utils->getHomeDir("root");
if ( !(-e "$home/.ssh/identity.pub")
|| !(-e "$home/.ssh/id_rsa.pub")
|| !(-e "$home/.ssh/id_dsa.pub"))
if (!(-e "$home/.ssh/id_rsa.pub")) # only using rsa
#if ( !(-e "$home/.ssh/identity.pub")
# || !(-e "$home/.ssh/id_rsa.pub")
# || !(-e "$home/.ssh/id_dsa.pub"))
{
$rsp->{data}->[0] = "A public key was missing in the .ssh directory.";
$rsp->{data}->[0] = "Public key id_rsa.pub was missing in the .ssh directory.";
xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
return 1;
}
# copy to install directory
my $authorized_keys = "$SSHdir/authorized_keys";
$cmd = " cp $home/.ssh/identity.pub $authorized_keys";
# changed from identity.pub
$cmd = " cp $home/.ssh/id_rsa.pub $authorized_keys";
xCAT::Utils->runcmd($cmd, 0);
my $rsp = {};
if ($::RUNCMD_RC != 0)
@ -1602,7 +1607,8 @@ sub cpSSHFiles
}
# copy to home ssh directory
$cmd = " cp $home/.ssh/identity.pub $home/.ssh/authorized_keys";
# changed from identity.pub
$cmd = " cp $home/.ssh/id_rsa.pub $home/.ssh/authorized_keys";
xCAT::Utils->runcmd($cmd, 0);
my $rsp = {};
if ($::RUNCMD_RC != 0)
@ -1623,86 +1629,90 @@ sub cpSSHFiles
}
# copy to install directory
my $authorized_keys2 = "$SSHdir/authorized_keys2";
$cmd = "cp $home/.ssh/id_rsa.pub $authorized_keys2";
xCAT::Utils->runcmd($cmd, 0);
if ($::RUNCMD_RC != 0)
{
$rsp->{data}->[0] = "$cmd failed.\n";
xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
return (1);
}
else
{
if ($::VERBOSE)
{
$rsp->{data}->[0] = "$cmd succeeded.\n";
xCAT::MsgUtils->message("I", $rsp, $::CALLBACK);
}
}
# comment out authorized_keys2 setup
#my $authorized_keys2 = "$SSHdir/authorized_keys2";
#$cmd = "cp $home/.ssh/id_rsa.pub $authorized_keys2";
#xCAT::Utils->runcmd($cmd, 0);
#if ($::RUNCMD_RC != 0)
#{
# $rsp->{data}->[0] = "$cmd failed.\n";
# xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
# return (1);
#}
#else
#{
# if ($::VERBOSE)
# {
# $rsp->{data}->[0] = "$cmd succeeded.\n";
# xCAT::MsgUtils->message("I", $rsp, $::CALLBACK);
# }
# }
# copy to home ssh directory
$cmd = "cp $home/.ssh/id_rsa.pub $home/.ssh/authorized_keys2";
xCAT::Utils->runcmd($cmd, 0);
if ($::RUNCMD_RC != 0)
{
$rsp->{data}->[0] = "$cmd failed.\n";
xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
return (1);
# comment out authorized_keys2 setup
#$cmd = "cp $home/.ssh/id_rsa.pub $home/.ssh/authorized_keys2";
#xCAT::Utils->runcmd($cmd, 0);
#if ($::RUNCMD_RC != 0)
#{
# $rsp->{data}->[0] = "$cmd failed.\n";
# xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
# return (1);
}
else
{
chmod 0600, "$home/.ssh/authorized_keys2";
if ($::VERBOSE)
{
$rsp->{data}->[0] = "$cmd succeeded.\n";
xCAT::MsgUtils->message("I", $rsp, $::CALLBACK);
}
}
#}
#else
#{
# chmod 0600, "$home/.ssh/authorized_keys2";
# if ($::VERBOSE)
# {
# $rsp->{data}->[0] = "$cmd succeeded.\n";
# xCAT::MsgUtils->message("I", $rsp, $::CALLBACK);
# }
#}
# add dsa key to install directory
my $rsp = {};
$cmd = "cat $home/.ssh/id_dsa.pub >> $authorized_keys2";
xCAT::Utils->runcmd($cmd, 0);
if ($::RUNCMD_RC != 0)
{
$rsp->{data}->[0] = "$cmd failed.\n";
xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
return (1);
# comment out authorized_keys2 setup
#my $rsp = {};
#$cmd = "cat $home/.ssh/id_dsa.pub >> $authorized_keys2";
#xCAT::Utils->runcmd($cmd, 0);
#if ($::RUNCMD_RC != 0)
#{
# $rsp->{data}->[0] = "$cmd failed.\n";
# xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
# return (1);
}
else
{
if ($::VERBOSE)
{
$rsp->{data}->[0] = "$cmd succeeded.\n";
xCAT::MsgUtils->message("I", $rsp, $::CALLBACK);
}
}
# }
# else
# {
# if ($::VERBOSE)
# {
# $rsp->{data}->[0] = "$cmd succeeded.\n";
# xCAT::MsgUtils->message("I", $rsp, $::CALLBACK);
# }
# }
# add dsa key to home ssh directory
my $rsp = {};
$cmd = "cat $home/.ssh/id_dsa.pub >> $home/.ssh/authorized_keys2";
xCAT::Utils->runcmd($cmd, 0);
if ($::RUNCMD_RC != 0)
{
$rsp->{data}->[0] = "$cmd failed.\n";
xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
return (1);
# comment out authorized_keys2 setup
#my $rsp = {};
#$cmd = "cat $home/.ssh/id_dsa.pub >> $home/.ssh/authorized_keys2";
#xCAT::Utils->runcmd($cmd, 0);
#if ($::RUNCMD_RC != 0)
#{
# $rsp->{data}->[0] = "$cmd failed.\n";
# xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
# return (1);
}
else
{
if ($::VERBOSE)
{
$rsp->{data}->[0] = "$cmd succeeded.\n";
xCAT::MsgUtils->message("I", $rsp, $::CALLBACK);
}
}
#}
# else
# {
# if ($::VERBOSE)
# {
# $rsp->{data}->[0] = "$cmd succeeded.\n";
# xCAT::MsgUtils->message("I", $rsp, $::CALLBACK);
# }
# }
if (!(-e "$authorized_keys") || !(-e "$authorized_keys2"))
#if (!(-e "$authorized_keys") || !(-e "$authorized_keys2"))
if (!(-e "$authorized_keys"))
{
return 1;
}
@ -1747,14 +1757,16 @@ sub bldnonrootSSHFiles
}
my $home = xCAT::Utils->getHomeDir($from_userid);
my $roothome = xCAT::Utils->getHomeDir("root");
if ( !(-e "$home/.ssh/identity.pub")
|| !(-e "$home/.ssh/id_rsa.pub")
|| !(-e "$home/.ssh/id_dsa.pub"))
# comment out authorized_keys2
if (!(-e "$home/.ssh/id_rsa.pub"))
#if ( !(-e "$home/.ssh/identity.pub")
# || !(-e "$home/.ssh/id_rsa.pub")
# || !(-e "$home/.ssh/id_dsa.pub"))
{
return 1;
}
$cmd = " cp $home/.ssh/identity.pub $home/.ssh/authorized_keys";
#$cmd = " cp $home/.ssh/identity.pub $home/.ssh/authorized_keys";
$cmd = " cp $home/.ssh/id_rsa.pub $home/.ssh/authorized_keys";
xCAT::Utils->runcmd($cmd, 0);
my $rsp = {};
if ($::RUNCMD_RC != 0)
@ -1774,49 +1786,51 @@ sub bldnonrootSSHFiles
}
}
my $rsp = {};
$cmd = "cp $home/.ssh/id_rsa.pub $home/.ssh/authorized_keys2";
xCAT::Utils->runcmd($cmd, 0);
if ($::RUNCMD_RC != 0)
{
$rsp->{data}->[0] = "$cmd failed.\n";
xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
return (1);
# comment out authorized_keys2
#my $rsp = {};
#$cmd = "cp $home/.ssh/id_rsa.pub $home/.ssh/authorized_keys2";
#xCAT::Utils->runcmd($cmd, 0);
#if ($::RUNCMD_RC != 0)
#{
# $rsp->{data}->[0] = "$cmd failed.\n";
# xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
# return (1);
}
else
{
chmod 0600, "$home/.ssh/authorized_keys2";
if ($::VERBOSE)
{
$rsp->{data}->[0] = "$cmd succeeded.\n";
xCAT::MsgUtils->message("I", $rsp, $::CALLBACK);
}
}
#}
#else
#{
# chmod 0600, "$home/.ssh/authorized_keys2";
# if ($::VERBOSE)
# {
# $rsp->{data}->[0] = "$cmd succeeded.\n";
# xCAT::MsgUtils->message("I", $rsp, $::CALLBACK);
# }
#}
my $rsp = {};
$cmd = "cat $home/.ssh/id_dsa.pub >> $home/.ssh/authorized_keys2";
xCAT::Utils->runcmd($cmd, 0);
if ($::RUNCMD_RC != 0)
{
$rsp->{data}->[0] = "$cmd failed.\n";
xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
return (1);
#my $rsp = {};
#$cmd = "cat $home/.ssh/id_dsa.pub >> $home/.ssh/authorized_keys2";
#xCAT::Utils->runcmd($cmd, 0);
#if ($::RUNCMD_RC != 0)
# {
# $rsp->{data}->[0] = "$cmd failed.\n";
# xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
# return (1);
}
else
{
if ($::VERBOSE)
{
$rsp->{data}->[0] = "$cmd succeeded.\n";
xCAT::MsgUtils->message("I", $rsp, $::CALLBACK);
}
}
#}
#else
#{
# if ($::VERBOSE)
# {
# $rsp->{data}->[0] = "$cmd succeeded.\n";
# xCAT::MsgUtils->message("I", $rsp, $::CALLBACK);
# }
#}
# add roots keys
# if cannot access, warn and continue
my $rsp = {};
$cmd = "cat $roothome/.ssh/identity.pub >> $home/.ssh/authorized_keys";
#$cmd = "cat $roothome/.ssh/identity.pub >> $home/.ssh/authorized_keys";
$cmd = "cat $roothome/.ssh/id_rsa.pub >> $home/.ssh/authorized_keys";
xCAT::Utils->runcmd($cmd, 0);
if ($::RUNCMD_RC != 0)
{
@ -1832,42 +1846,43 @@ sub bldnonrootSSHFiles
xCAT::MsgUtils->message("I", $rsp, $::CALLBACK);
}
}
my $rsp = {};
$cmd = "cat $roothome/.ssh/id_rsa.pub >> $home/.ssh/authorized_keys2";
xCAT::Utils->runcmd($cmd, 0);
if ($::RUNCMD_RC != 0)
{
$rsp->{data}->[0] = "Warning: Cannot give $from_userid root ssh authority. \n";
xCAT::MsgUtils->message("I", $rsp, $::CALLBACK);
# comment out authorized_keys2
#my $rsp = {};
#$cmd = "cat $roothome/.ssh/id_rsa.pub >> $home/.ssh/authorized_keys2";
#xCAT::Utils->runcmd($cmd, 0);
#if ($::RUNCMD_RC != 0)
#{
# $rsp->{data}->[0] = "Warning: Cannot give $from_userid root ssh authority. \n";
# xCAT::MsgUtils->message("I", $rsp, $::CALLBACK);
}
else
{
if ($::VERBOSE)
{
$rsp->{data}->[0] = "$cmd succeeded.\n";
xCAT::MsgUtils->message("I", $rsp, $::CALLBACK);
}
}
#}
#else
#{
# if ($::VERBOSE)
# {
# $rsp->{data}->[0] = "$cmd succeeded.\n";
# xCAT::MsgUtils->message("I", $rsp, $::CALLBACK);
# }
#}
my $rsp = {};
$cmd = "cat $roothome/.ssh/id_dsa.pub >> $home/.ssh/authorized_keys2";
xCAT::Utils->runcmd($cmd, 0);
if ($::RUNCMD_RC != 0)
{
$rsp->{data}->[0] = "Warning: Cannot give $from_userid root ssh authority. \n";
xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
return (1);
# my $rsp = {};
# $cmd = "cat $roothome/.ssh/id_dsa.pub >> $home/.ssh/authorized_keys2";
# xCAT::Utils->runcmd($cmd, 0);
# if ($::RUNCMD_RC != 0)
# {
# $rsp->{data}->[0] = "Warning: Cannot give $from_userid root ssh authority. \n";
# xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
# return (1);
}
else
{
if ($::VERBOSE)
{
$rsp->{data}->[0] = "$cmd succeeded.\n";
xCAT::MsgUtils->message("I", $rsp, $::CALLBACK);
}
}
# }
# else
# {
# if ($::VERBOSE)
# {
# $rsp->{data}->[0] = "$cmd succeeded.\n";
# xCAT::MsgUtils->message("I", $rsp, $::CALLBACK);
# }
# }
return (0);
}
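Review bot: Nothing in these hunks removes an `authorized_keys2` or `id_dsa` that an earlier `xdsh -K` run already placed on a node or in `$SSHdir`, so hosts configured before this change may keep accepting the old DSA key even though it is no longer distributed; the generated `copy.sh` in `setupSSH` (whose text continues outside the hunk) only stops appending to and copying those files. If that cleanup is meant to be left to the administrator, say so next to the disabled lines, for example `# authorized_keys2 / id_dsa left by earlier xdsh -K runs are not removed and may still grant access; clean them up separately`. The disabled code would be better deleted than commented out: the repository history keeps it, and the `#cat` / `#cp` lines sit inside the `copy.sh` string, so they are still written into the script sent to every node. With the `if ($auth_key2 == 1)` restore block disabled, `$auth_key2` appears to be unused in the visible code and could be dropped as well.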