Skip newer agent behaviors with incompatible old ssh

The previous attempt to support older ssh failed to completely enact old behavior when needed.
2024-11-22 17:43:14 +00:00 · 2021-06-04 13:40:39 -04:00 · 2021-06-04 13:40:39 -04:00 · b8ddf149bd
commit b8ddf149bd
parent bf158bc5aa
1 changed files with 7 additions and 3 deletions
--- a/confluent_server/confluent/sshutil.py
+++ b/confluent_server/confluent/sshutil.py
@ -34,7 +34,7 @@ def normalize_uid():

 def assure_agent():
    if sshver() <= 7.6:
-        return
+        return False
    global agent_pid
    if agent_pid is None:
        sai = subprocess.check_output(['ssh-agent'])
@ -51,6 +51,7 @@ def assure_agent():
            if k == 'SSH_AGENT_PID':
                agent_pid = v
            os.environ[k] = v
+    return True

 def get_passphrase():
    if sshver() <= 7.6:
@ -90,9 +91,11 @@ def initialize_ca():


 def prep_ssh_key(keyname):
-    assure_agent()
    if keyname in ready_keys:
        return
+    if not assure_agent():
+        ready_keys[keyname] = 1
+        return
    tmpdir = tempfile.mkdtemp()
    try:
        askpass = os.path.join(tmpdir, 'askpass.sh')
@ -121,8 +124,9 @@ def sign_host_key(pubkey, nodename, principals=()):
        principals.add(nodename)
        principals = ','.join(sorted(principals))
        flags = '-Us' if sshver() > 7.6 else '-s'
+        keyname = '/etc/confluent/ssh/ca.pub' if flags == '-Us' else '/etc/confluent/ssh/ca'
        subprocess.check_call(
-            ['ssh-keygen', flags, '/etc/confluent/ssh/ca.pub', '-I', nodename,
+            ['ssh-keygen', flags, keyname, '-I', nodename,
             '-n', principals, '-h', pkeyname])
        certname = pkeyname.replace('.pub', '-cert.pub')
        with open(certname) as cert: