diff --git a/perl-xCAT/xCAT/Utils.pm b/perl-xCAT/xCAT/Utils.pm index c4c2c235f..dd591d584 100644 --- a/perl-xCAT/xCAT/Utils.pm +++ b/perl-xCAT/xCAT/Utils.pm @@ -1330,7 +1330,8 @@ sub setupSSH } } - + + # comment out authorized_keys2 setup # build the shell copy script, needed Perl not always there # for root and non-root ids open(FILE, ">$home/.ssh/copy.sh") @@ -1341,9 +1342,9 @@ home=`egrep \"^$to_userid:\" /etc/passwd | cut -f6 -d :` dest_dir=\"\$home/.ssh\" mkdir -p \$dest_dir cat /tmp/$to_userid/.ssh/authorized_keys >> \$home/.ssh/authorized_keys 2>&1 -cat /tmp/$to_userid/.ssh/authorized_keys2 >> \$home/.ssh/authorized_keys2 2>&1 +#cat /tmp/$to_userid/.ssh/authorized_keys2 >> \$home/.ssh/authorized_keys2 2>&1 cp /tmp/$to_userid/.ssh/id_rsa \$home/.ssh/id_rsa 2>&1 -cp /tmp/$to_userid/.ssh/id_dsa \$home/.ssh/id_dsa 2>&1 +#cp /tmp/$to_userid/.ssh/id_dsa \$home/.ssh/id_dsa 2>&1 chmod 0600 \$home/.ssh/id_* 2>&1 rm -f /tmp/$to_userid/.ssh/* 2>&1 rmdir \"/tmp/$to_userid/.ssh\" @@ -1374,19 +1375,20 @@ rmdir \"/tmp/$to_userid\""; } $auth_key=1; } - if (-e("$home/.ssh/authorized_keys2")) { - my $cmd="mv $home/.ssh/authorized_keys2 $home/.ssh/authorized_keys2.xcatbackup"; - xCAT::Utils->runcmd($cmd, 0); - my $rsp = {}; - if ($::RUNCMD_RC != 0) - { - $rsp->{data}->[0] = "$cmd failed.\n"; - xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); - return (1); + # comment out authorized_keys2 setup + #if (-e("$home/.ssh/authorized_keys2")) { + #my $cmd="mv $home/.ssh/authorized_keys2 $home/.ssh/authorized_keys2.xcatbackup"; + #xCAT::Utils->runcmd($cmd, 0); + #my $rsp = {}; + #if ($::RUNCMD_RC != 0) + #{ + # $rsp->{data}->[0] = "$cmd failed.\n"; + # xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); + # return (1); - } - $auth_key2=1; - } + #} + #$auth_key2=1; + #} if ($from_userid eq "root") { 
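Review bot: In the copy.sh script text (the `@@ -1341` hunk), commenting out the `authorized_keys2` append and the `id_dsa` copy stops new material being written, but it leaves in place whatever an earlier run already put on the node. sshd's default `AuthorizedKeysFile` still lists `.ssh/authorized_keys2`, so unless the nodes override it, previously distributed public keys stay authorised and an old `id_dsa` private key stays on disk. If the intent is to retire those credentials, the script could remove them explicitly, e.g. `rm -f \$home/.ssh/id_dsa`, plus a cleanup of the xCAT-added entries in `authorized_keys2` once it is confirmed that nothing else relies on that file. The two disabled lines are also shipped to every node as shell comments, so deleting them from the string would be cleaner. The script string starts and ends outside this hunk.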
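Review bot: The `authorized_keys2` backup block in the `@@ -1374` hunk is disabled by prefixing every line with `#` rather than being deleted, and the same pattern repeats in the `@@ -1469`, `@@ -1623`, `@@ -1774` and `@@ -1832` hunks. Commented-out key-management code is easy to re-enable piecemeal, and it makes it harder to audit which files setupSSH, cpSSHFiles and bldnonrootSSHFiles actually write; version control already preserves the old logic. I would delete the blocks and keep one short comment such as `# authorized_keys2 and DSA keys are no longer set up; only id_rsa is distributed`. With this block gone, `$auth_key2` is never set to 1 in the visible code, so its declaration (outside this hunk) can probably be dropped as well.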
@@ -1434,7 +1436,7 @@ rmdir \"/tmp/$to_userid\""; } # if on the MN - # remove the created authorized_keys* and restore if a backed up + # remove the created authorized_keys and restore if a backed up # version of authorized_keys* was created because the file # existed when the command was run if (xCAT::Utils->isMN()) 
@@ -1469,38 +1471,39 @@ rmdir \"/tmp/$to_userid\""; } } - if ($auth_key2 == 1) { # need to restore - my $cmd= - "cp $home/.ssh/authorized_keys2.xcatbackup $home/.ssh/authorized_keys2"; - xCAT::Utils->runcmd($cmd, 0); - my $rsp = {}; - if ($::RUNCMD_RC != 0) - { - $rsp->{data}->[0] = "$cmd failed.\n"; - xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); - return (1); + # comment out authorized_keys2 setup + #if ($auth_key2 == 1) { # need to restore + # my $cmd= + # "cp $home/.ssh/authorized_keys2.xcatbackup $home/.ssh/authorized_keys2"; + #xCAT::Utils->runcmd($cmd, 0); + #my $rsp = {}; + #if ($::RUNCMD_RC != 0) + #{ + # $rsp->{data}->[0] = "$cmd failed.\n"; + # xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); + # return (1); + + # } + # $cmd = "rm $home/.ssh/authorized_keys2.xcatbackup"; + # xCAT::Utils->runcmd($cmd, 0); + # my $rsp = {}; + # if ($::RUNCMD_RC != 0) + # { + # $rsp->{data}->[0] = "$cmd failed.\n"; + # xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); + # } - } - $cmd = "rm $home/.ssh/authorized_keys2.xcatbackup"; - xCAT::Utils->runcmd($cmd, 0); - my $rsp = {}; - if ($::RUNCMD_RC != 0) - { - $rsp->{data}->[0] = "$cmd failed.\n"; - xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); - } + #} else { # just delete it + # $cmd = "rm $home/.ssh/authorized_keys2"; + # xCAT::Utils->runcmd($cmd, 0); + # my $rsp = {}; + # if ($::RUNCMD_RC != 0) + # { + # $rsp->{data}->[0] = "$cmd failed.\n"; + # xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); - } else { # just delete it - $cmd = "rm $home/.ssh/authorized_keys2"; - xCAT::Utils->runcmd($cmd, 0); - my $rsp = {}; - if ($::RUNCMD_RC != 0) - { - $rsp->{data}->[0] = "$cmd failed.\n"; - xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); - - } - } + # } + #} } # must always check to see if worked, run test 
@@ -1571,18 +1574,20 @@ sub cpSSHFiles } my $home = xCAT::Utils->getHomeDir("root"); - if ( !(-e "$home/.ssh/identity.pub") - || !(-e "$home/.ssh/id_rsa.pub") - || !(-e "$home/.ssh/id_dsa.pub")) + if (!(-e "$home/.ssh/id_rsa.pub")) # only using rsa + #if ( !(-e "$home/.ssh/identity.pub") + # || !(-e "$home/.ssh/id_rsa.pub") + # || !(-e "$home/.ssh/id_dsa.pub")) { - $rsp->{data}->[0] = "A public key was missing in the .ssh directory."; + $rsp->{data}->[0] = "Public key id_rsa.pub was missing in the .ssh directory."; xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); return 1; } # copy to install directory my $authorized_keys = "$SSHdir/authorized_keys"; - $cmd = " cp $home/.ssh/identity.pub $authorized_keys"; + # changed from identity.pub + $cmd = " cp $home/.ssh/id_rsa.pub $authorized_keys"; xCAT::Utils->runcmd($cmd, 0); my $rsp = {}; if ($::RUNCMD_RC != 0) @@ -1602,7 +1607,8 @@ sub cpSSHFiles } # copy to home ssh directory - $cmd = " cp $home/.ssh/identity.pub $home/.ssh/authorized_keys"; + # changed from identity.pub + $cmd = " cp $home/.ssh/id_rsa.pub $home/.ssh/authorized_keys"; xCAT::Utils->runcmd($cmd, 0); my $rsp = {}; if ($::RUNCMD_RC != 0) 
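Review bot: The new guard `if (!(-e "$home/.ssh/id_rsa.pub"))` in cpSSHFiles (the `@@ -1571` hunk) only proves that a directory entry exists, yet the file is then copied verbatim to become the sole `authorized_keys` in `$SSHdir` and in root's `.ssh`. An empty or non-regular `id_rsa.pub` would pass the check and produce an `authorized_keys` with no usable key, which the function's later `-e "$authorized_keys"` test would not catch. A stricter test such as `if (!(-f "$home/.ssh/id_rsa.pub" && -s _))` keeps the same error path. The old three-way condition, left as comment lines between the `if` and its `{`, also makes the statement hard to read and could be removed.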
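Review bot: The replacement `cp` command in the `@@ -1602` hunk, like the new `$cmd` lines in the `@@ -1571`, `@@ -1747` and `@@ -1774` hunks, is still built by interpolating `$home`, `$roothome` or `$authorized_keys` into a single string for `xCAT::Utils->runcmd`. runcmd is not shown here, but if it hands the string to a shell, a home directory or install path containing spaces or shell metacharacters would change what gets executed. At minimum the operands could be quoted, e.g. `$cmd = "cp '$home/.ssh/id_rsa.pub' '$home/.ssh/authorized_keys'";`, and a Perl-level file copy instead of `cp` would remove the dependency on path contents altogether. The `# changed from identity.pub` comment records history rather than intent and could be dropped.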
@@ -1623,86 +1629,90 @@ sub cpSSHFiles } # copy to install directory - my $authorized_keys2 = "$SSHdir/authorized_keys2"; - $cmd = "cp $home/.ssh/id_rsa.pub $authorized_keys2"; - xCAT::Utils->runcmd($cmd, 0); - if ($::RUNCMD_RC != 0) - { - $rsp->{data}->[0] = "$cmd failed.\n"; - xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); - return (1); - - } - else - { - if ($::VERBOSE) - { - $rsp->{data}->[0] = "$cmd succeeded.\n"; - xCAT::MsgUtils->message("I", $rsp, $::CALLBACK); - } - } + # comment out authorized_keys2 setup + #my $authorized_keys2 = "$SSHdir/authorized_keys2"; + #$cmd = "cp $home/.ssh/id_rsa.pub $authorized_keys2"; + #xCAT::Utils->runcmd($cmd, 0); + #if ($::RUNCMD_RC != 0) + #{ + # $rsp->{data}->[0] = "$cmd failed.\n"; + # xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); + # return (1); + #} + #else + #{ + # if ($::VERBOSE) + # { + # $rsp->{data}->[0] = "$cmd succeeded.\n"; + # xCAT::MsgUtils->message("I", $rsp, $::CALLBACK); + # } + # } # copy to home ssh directory - $cmd = "cp $home/.ssh/id_rsa.pub $home/.ssh/authorized_keys2"; - xCAT::Utils->runcmd($cmd, 0); - if ($::RUNCMD_RC != 0) - { - $rsp->{data}->[0] = "$cmd failed.\n"; - xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); - return (1); + # comment out authorized_keys2 setup + #$cmd = "cp $home/.ssh/id_rsa.pub $home/.ssh/authorized_keys2"; + #xCAT::Utils->runcmd($cmd, 0); + #if ($::RUNCMD_RC != 0) + #{ + # $rsp->{data}->[0] = "$cmd failed.\n"; + # xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); + # return (1); - } - else - { - chmod 0600, "$home/.ssh/authorized_keys2"; - if ($::VERBOSE) - { - $rsp->{data}->[0] = "$cmd succeeded.\n"; - xCAT::MsgUtils->message("I", $rsp, $::CALLBACK); - } - } + #} + #else + #{ + # chmod 0600, "$home/.ssh/authorized_keys2"; + # if ($::VERBOSE) + # { + # $rsp->{data}->[0] = "$cmd succeeded.\n"; + # xCAT::MsgUtils->message("I", $rsp, $::CALLBACK); + # } + #} # add dsa key to install directory - my $rsp = {}; - $cmd = "cat $home/.ssh/id_dsa.pub >> $authorized_keys2"; - 
xCAT::Utils->runcmd($cmd, 0); - if ($::RUNCMD_RC != 0) - { - $rsp->{data}->[0] = "$cmd failed.\n"; - xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); - return (1); + # comment out authorized_keys2 setup + #my $rsp = {}; + #$cmd = "cat $home/.ssh/id_dsa.pub >> $authorized_keys2"; + #xCAT::Utils->runcmd($cmd, 0); + #if ($::RUNCMD_RC != 0) + #{ + # $rsp->{data}->[0] = "$cmd failed.\n"; + # xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); + # return (1); - } - else - { - if ($::VERBOSE) - { - $rsp->{data}->[0] = "$cmd succeeded.\n"; - xCAT::MsgUtils->message("I", $rsp, $::CALLBACK); - } - } + # } + # else + # { + # if ($::VERBOSE) + # { + # $rsp->{data}->[0] = "$cmd succeeded.\n"; + # xCAT::MsgUtils->message("I", $rsp, $::CALLBACK); + # } + # } # add dsa key to home ssh directory - my $rsp = {}; - $cmd = "cat $home/.ssh/id_dsa.pub >> $home/.ssh/authorized_keys2"; - xCAT::Utils->runcmd($cmd, 0); - if ($::RUNCMD_RC != 0) - { - $rsp->{data}->[0] = "$cmd failed.\n"; - xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); - return (1); + # comment out authorized_keys2 setup + #my $rsp = {}; + #$cmd = "cat $home/.ssh/id_dsa.pub >> $home/.ssh/authorized_keys2"; + #xCAT::Utils->runcmd($cmd, 0); + #if ($::RUNCMD_RC != 0) + #{ + # $rsp->{data}->[0] = "$cmd failed.\n"; + # xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); + # return (1); - } - else - { - if ($::VERBOSE) - { - $rsp->{data}->[0] = "$cmd succeeded.\n"; - xCAT::MsgUtils->message("I", $rsp, $::CALLBACK); - } - } + #} + # else + # { + # if ($::VERBOSE) + # { + # $rsp->{data}->[0] = "$cmd succeeded.\n"; + # xCAT::MsgUtils->message("I", $rsp, $::CALLBACK); + # } + # } - if (!(-e "$authorized_keys") || !(-e "$authorized_keys2")) + #if (!(-e "$authorized_keys") || !(-e "$authorized_keys2")) + if (!(-e "$authorized_keys")) { return 1; } 
@@ -1747,14 +1757,16 @@ sub bldnonrootSSHFiles } my $home = xCAT::Utils->getHomeDir($from_userid); my $roothome = xCAT::Utils->getHomeDir("root"); - - if ( !(-e "$home/.ssh/identity.pub") - || !(-e "$home/.ssh/id_rsa.pub") - || !(-e "$home/.ssh/id_dsa.pub")) + # comment out authorized_keys2 + if (!(-e "$home/.ssh/id_rsa.pub")) + #if ( !(-e "$home/.ssh/identity.pub") + # || !(-e "$home/.ssh/id_rsa.pub") + # || !(-e "$home/.ssh/id_dsa.pub")) { return 1; } - $cmd = " cp $home/.ssh/identity.pub $home/.ssh/authorized_keys"; + #$cmd = " cp $home/.ssh/identity.pub $home/.ssh/authorized_keys"; + $cmd = " cp $home/.ssh/id_rsa.pub $home/.ssh/authorized_keys"; xCAT::Utils->runcmd($cmd, 0); my $rsp = {}; if ($::RUNCMD_RC != 0) 
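Review bot: When `id_rsa.pub` is missing, the new check in bldnonrootSSHFiles returns 1 without saying why, whereas the matching check in cpSSHFiles reports `Public key id_rsa.pub was missing in the .ssh directory.` Emitting the same error before the `return 1;`, through `xCAT::MsgUtils->message("E", $rsp, $::CALLBACK)`, would make a failed non-root key setup diagnosable; `$rsp` must be in scope at that point, which this hunk does not show. The added `# comment out authorized_keys2` sits directly above a live `if` and reads as though the check itself were disabled; something like `# only the RSA key pair is used` describes the code better. The function body starts and ends outside this hunk.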
@@ -1774,49 +1786,51 @@ sub bldnonrootSSHFiles } } - my $rsp = {}; - $cmd = "cp $home/.ssh/id_rsa.pub $home/.ssh/authorized_keys2"; - xCAT::Utils->runcmd($cmd, 0); - if ($::RUNCMD_RC != 0) - { - $rsp->{data}->[0] = "$cmd failed.\n"; - xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); - return (1); + # comment out authorized_keys2 + #my $rsp = {}; + #$cmd = "cp $home/.ssh/id_rsa.pub $home/.ssh/authorized_keys2"; + #xCAT::Utils->runcmd($cmd, 0); + #if ($::RUNCMD_RC != 0) + #{ + # $rsp->{data}->[0] = "$cmd failed.\n"; + # xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); + # return (1); - } - else - { - chmod 0600, "$home/.ssh/authorized_keys2"; - if ($::VERBOSE) - { - $rsp->{data}->[0] = "$cmd succeeded.\n"; - xCAT::MsgUtils->message("I", $rsp, $::CALLBACK); - } - } + #} + #else + #{ + # chmod 0600, "$home/.ssh/authorized_keys2"; + # if ($::VERBOSE) + # { + # $rsp->{data}->[0] = "$cmd succeeded.\n"; + # xCAT::MsgUtils->message("I", $rsp, $::CALLBACK); + # } + #} - my $rsp = {}; - $cmd = "cat $home/.ssh/id_dsa.pub >> $home/.ssh/authorized_keys2"; - xCAT::Utils->runcmd($cmd, 0); - if ($::RUNCMD_RC != 0) - { - $rsp->{data}->[0] = "$cmd failed.\n"; - xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); - return (1); + #my $rsp = {}; + #$cmd = "cat $home/.ssh/id_dsa.pub >> $home/.ssh/authorized_keys2"; + #xCAT::Utils->runcmd($cmd, 0); + #if ($::RUNCMD_RC != 0) + # { + # $rsp->{data}->[0] = "$cmd failed.\n"; + # xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); + # return (1); - } - else - { - if ($::VERBOSE) - { - $rsp->{data}->[0] = "$cmd succeeded.\n"; - xCAT::MsgUtils->message("I", $rsp, $::CALLBACK); - } - } + #} + #else + #{ + # if ($::VERBOSE) + # { + # $rsp->{data}->[0] = "$cmd succeeded.\n"; + # xCAT::MsgUtils->message("I", $rsp, $::CALLBACK); + # } + #} # add roots keys # if cannot access, warn and continue my $rsp = {}; - $cmd = "cat $roothome/.ssh/identity.pub >> $home/.ssh/authorized_keys"; + #$cmd = "cat $roothome/.ssh/identity.pub >> $home/.ssh/authorized_keys"; + 
$cmd = "cat $roothome/.ssh/id_rsa.pub >> $home/.ssh/authorized_keys"; xCAT::Utils->runcmd($cmd, 0); if ($::RUNCMD_RC != 0) { 
@@ -1832,42 +1846,43 @@ sub bldnonrootSSHFiles xCAT::MsgUtils->message("I", $rsp, $::CALLBACK); } } - my $rsp = {}; - $cmd = "cat $roothome/.ssh/id_rsa.pub >> $home/.ssh/authorized_keys2"; - xCAT::Utils->runcmd($cmd, 0); - if ($::RUNCMD_RC != 0) - { - $rsp->{data}->[0] = "Warning: Cannot give $from_userid root ssh authority. \n"; - xCAT::MsgUtils->message("I", $rsp, $::CALLBACK); + # comment out authorized_keys2 + #my $rsp = {}; + #$cmd = "cat $roothome/.ssh/id_rsa.pub >> $home/.ssh/authorized_keys2"; + #xCAT::Utils->runcmd($cmd, 0); + #if ($::RUNCMD_RC != 0) + #{ + # $rsp->{data}->[0] = "Warning: Cannot give $from_userid root ssh authority. \n"; + # xCAT::MsgUtils->message("I", $rsp, $::CALLBACK); - } - else - { - if ($::VERBOSE) - { - $rsp->{data}->[0] = "$cmd succeeded.\n"; - xCAT::MsgUtils->message("I", $rsp, $::CALLBACK); - } - } + #} + #else + #{ + # if ($::VERBOSE) + # { + # $rsp->{data}->[0] = "$cmd succeeded.\n"; + # xCAT::MsgUtils->message("I", $rsp, $::CALLBACK); + # } + #} - my $rsp = {}; - $cmd = "cat $roothome/.ssh/id_dsa.pub >> $home/.ssh/authorized_keys2"; - xCAT::Utils->runcmd($cmd, 0); - if ($::RUNCMD_RC != 0) - { - $rsp->{data}->[0] = "Warning: Cannot give $from_userid root ssh authority. \n"; - xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); - return (1); + # my $rsp = {}; + # $cmd = "cat $roothome/.ssh/id_dsa.pub >> $home/.ssh/authorized_keys2"; + # xCAT::Utils->runcmd($cmd, 0); + # if ($::RUNCMD_RC != 0) + # { + # $rsp->{data}->[0] = "Warning: Cannot give $from_userid root ssh authority. \n"; + # xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); + # return (1); - } - else - { - if ($::VERBOSE) - { - $rsp->{data}->[0] = "$cmd succeeded.\n"; - xCAT::MsgUtils->message("I", $rsp, $::CALLBACK); - } - } + # } + # else + # { + # if ($::VERBOSE) + # { + # $rsp->{data}->[0] = "$cmd succeeded.\n"; + # xCAT::MsgUtils->message("I", $rsp, $::CALLBACK); + # } + # } return (0); }