- Timestamp:
- Feb 18, 2016, 2:52:09 AM (8 years ago)
- File:
-
- 1 edited
0.13.2/pb/bin/pb
r2035 r2040 2538 2538 $cptarget = "CPAN"; 2539 2539 } else { 2540 my $keyfile = pb_ssh_get(0 );2540 my $keyfile = pb_ssh_get(0,$mac,$nport); 2541 2541 my $keyopt = ""; 2542 2542 $keyopt = "-i $keyfile" if ((defined $keyfile) && ($cmt !~ /Packages/)); … … 3569 3569 print SCRIPT "pb_system('rm -f /dev/null; mknod /dev/null c 1 3; chmod 777 /dev/null');\n" unless (($pbos->{'name'} =~ /^redhat/) && ($pbos->{'version'} =~ /^6/)); 3570 3570 } elsif ($vtype =~ /(v|r)m/) { 3571 my $keyfile; 3572 my ($zero0,$zero1,$zero2); 3573 3574 # Prepare the key to be used and transfered remotely 3575 $keyfile = pb_ssh_get(1); 3576 3577 # Store the pub key part in a variable 3578 open(FILE,"$keyfile.pub") || die "Unable to open $keyfile.pub"; 3579 ($zero0,$zero1,$zero2) = split(/ /,<FILE>); 3580 close(FILE); 3581 3582 $key = "\Q$zero1"; 3571 # Nothing to do now. 3572 my $useless = 0; 3583 3573 } else { 3584 3574 die "Unknown virtual type $vtype"; 3585 3575 } 3586 3576 3587 if ($vtype =~ /(v|r)m/) {3588 print SCRIPT << 'EOF';3589 # Removes duplicate in .ssh/authorized_keys of our key if needed3590 #3591 my $file1="$ENV{'HOME'}/.ssh/authorized_keys";3592 open(PBFILE,$file1) || die "Unable to open $file1";3593 open(PBOUT,"> $file1.new") || die "Unable to open $file1.new";3594 my $count = 0;3595 while (<PBFILE>) {3596 3597 EOF3598 print SCRIPT << "EOF";3599 if (/ $key /) {3600 \$count++;3601 }3602 print PBOUT \$_ if ((\$count <= 1) || (\$_ !~ / $key /));3603 }3604 close(PBFILE);3605 close(PBOUT);3606 rename("\$file1.new",\$file1);3607 chmod 0600,\$file1;3608 3609 EOF3610 }3611 3577 print SCRIPT << 'EOF'; 3612 3578 … … 4508 4474 4509 4475 my $create = shift || 0; # Do not create keys by default 4476 my $target = shift || "localhost"; 4477 my $nport = shift || "22"; 4510 4478 4511 4479 my ($pbagent) = pb_conf_get_if("pbusesshagent"); … … 4515 4483 # Check the SSH environment 4516 4484 my $keyfile = undef; 4485 4486 # Check whether ecdsa is accepted by the remote host 4487 my $ecdsa = 0; 4488 
open(SCAN,"ssh-keyscan -p $nport -t dsa $target|") || pb_log(0,"Unable to check ECDSA support for $target"); 4489 while(<SCAN>) { 4490 $ecdsa = 1 if ($_ =~ /ecdsa-/); 4491 } 4492 close(SCAN); 4517 4493 4518 4494 # We have specific keys by default … … 4530 4506 $keyfile = "$ENV{'HOME'}/.ssh/id_dsa" if (-s "$ENV{'HOME'}/.ssh/id_dsa"); 4531 4507 $keyfile = "$ENV{'HOME'}/.ssh/pb_dsa" if (-s "$ENV{'HOME'}/.ssh/pb_dsa"); 4532 $keyfile = "$ENV{'HOME'}/.ssh/pb_ecdsa" if ( -s "$ENV{'HOME'}/.ssh/pb_ecdsa");4508 $keyfile = "$ENV{'HOME'}/.ssh/pb_ecdsa" if ((-s "$ENV{'HOME'}/.ssh/pb_ecdsa") && ($ecdsa != 0)); 4533 4509 die "Unable to find your public ssh key under $ENV{'HOME'}/.ssh" if (not defined $keyfile); 4534 4510 return($keyfile); … … 4947 4923 ($vmhost) = pb_conf_get($vtype."host"); 4948 4924 # Prepare the key to be used and transfered remotely 4949 $keyfile = pb_ssh_get(1 );4925 $keyfile = pb_ssh_get(1,$vmhost->{$ENV{'PBPROJ'}},$nport); 4950 4926 4951 4927 # We call true to avoid problems if SELinux is not activated, but chcon is present and returns in that case 1 4952 4928 pb_system("cat $keyfile.pub | ssh -q -o UserKnownHostsFile=/dev/null -p $nport -i $keyfile root\@$vmhost->{$ENV{'PBPROJ'}} \"mkdir -p .ssh ; chmod 700 .ssh ; cat >> .ssh/authorized_keys ; chmod 600 .ssh/authorized_keys ; if [ -x /usr/bin/chcon ]; then /usr/bin/chcon -Rt home_ssh_t .ssh 2> /dev/null; /bin/true; fi\"","Copying local keys to $vtype. 
This may require the root password"); 4953 4929 # once this is done, we can do what we need on the VM/RM remotely 4930 4931 # in particular we can remove duplicate in .ssh/authorized_keys of our key if needed 4932 # Store the pub key part in a variable 4933 open(FILE,"$keyfile.pub") || die "Unable to open $keyfile.pub"; 4934 my ($zero0,$zero1,$zero2) = split(/ /,<FILE>); 4935 close(FILE); 4936 my $key = "\Q$zero1"; 4937 4938 pb_system("ssh -q -o UserKnownHostsFile=/dev/null -p $nport -i $keyfile root\@$vmhost->{$ENV{'PBPROJ'}} ".'perl -c \'my $file1="$ENV{\'HOME\'}/.ssh/authorized_keys"; open(PBFILE,$file1) || die "Unable to open $file1"; open(PBOUT,"> $file1.new") || die "Unable to open $file1.new"; my $count = 0; while (<PBFILE>) { '."if (/ $key /) { \$count++; } print PBOUT \$_ if ((\$count <= 1) || (\$_ !~ / $key /)); };".'close(PBFILE); close(PBOUT); rename("$file1.new",$file1); chmod 0600,$file1; ',"","quiet"); 4954 4939 return; 4955 4940 }
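Review bot: In pb_ssh_get the new probe runs `ssh-keyscan -p $nport -t dsa $target` but then matches `/ecdsa-/` on the output, so as far as I can tell `$ecdsa` stays 0 and `pb_ecdsa` is never selected; the requested type should be `ecdsa`. The same line interpolates `$target` and `$nport` (taken from the `$vmhost->{$ENV{'PBPROJ'}}` configuration value at the `pb_ssh_get(1,...)` call site) into a two-argument piped open that is run through the shell, where the list form keeps them as plain arguments: `open(my $scan, '-|', 'ssh-keyscan', '-p', $nport, '-t', 'ecdsa', $target)`. pb_ssh_get starts and ends outside the visible hunks, so how `$target` is validated earlier cannot be seen here. Separately, in the last hunk the remote clean-up of `.ssh/authorized_keys` is invoked with `perl -c`, which only compiles the script, so the duplicate removal does not appear to run; `perl -e` looks intended, and the single quotes in that command string do not seem to balance.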