Fix a couple of the other pieces of the host/root key cleanup.

4b947320 · Mike Hibler · 9bbccab5 · 4b947320 · 4b947320
Commit 4b947320 authored Jun 19, 2017 by Mike Hibler
--- a/clientside/tmcc/common/localize_image
+++ b/clientside/tmcc/common/localize_image
@@ -85,15 +85,11 @@ localize_image() {
 		    return 1
 		}
 	    fi
-	    # copy to both authorized_keys and _keys2
+	    # copy to authorized_keys
 	    cp -pf /root/.ssh/authorized_keys2 $MNT/root/.ssh/authorized_keys || {
 		echo "Failed to create /root/.ssh/authorized_keys"
 		return 1
 	    }
-	    cp -pf /root/.ssh/authorized_keys2 $MNT/root/.ssh/ || {
-		echo "Failed to create /root/.ssh/authorized_keys2"
-		return 1
-	    }
 	fi
    fi


--- a/clientside/tmcc/linux/linux_slicefix.pl
+++ b/clientside/tmcc/linux/linux_slicefix.pl
@@ -1137,21 +1137,17 @@ sub fix_sshd_config
 	my ($imageroot) = @_;
 	my $cfile = "$imageroot/etc/ssh/sshd_config";

-	if (! -r $cfile ||
-	    !system("grep -q '^# Emulab config' $cfile 2>/dev/null")) {
-	    return;
-	}
-
 	print STDERR "Adding security options to SSHD config\n";
 	open FILE, "+<$cfile" ||
 	    die "Couldn't open $cfile: $!\n";

 	my @buffer = ();
 	while (<FILE>) {
-		s/^Protocol/#Protocol/;
-		s/^PasswordAuth/#PasswordAuth/;
-		s/^ChallengeResp/#ChallengeResp/;
-		s/^PermitRootLogin/#PermitRootLogin/;
+		s/^Protocol .*//;
+		s/^PasswordAuthentication .*//;
+		s/^ChallengeResponseAuthentication .*//;
+		s/^PermitRootLogin .*//;
+		s/^# Emulab.*//;
 		push @buffer, $_;
 	}
 	push @buffer, "\n# Emulab config\n";
@@ -1223,42 +1219,27 @@ sub localize
 		    return;
 		}
 	    }
-	    # copy to both authorized_keys and _keys2
+	    # copy authorized_keys
 	    system("cp -pf /root/.ssh/authorized_keys2 $imageroot/root/.ssh/authorized_keys");
 	    if ($?) {
 		print STDERR "Failed to create /root/.ssh/authorized_keys\n";
 		return;
 	    }
-	    system("cp -pf /root/.ssh/authorized_keys2 $imageroot/root/.ssh/");
-	    if ($?) {
-		print STDERR "Failed to create /root/.ssh/authorized_keys2\n";
-		return;
-	    }
 	}
    }

    # Check the host keys.
    my $changehostkeys = 0;
-    if (-e "/etc/ssh/ssh_host_key") {
-	system("cmp -s /etc/ssh/ssh_host_key $imageroot/etc/ssh/ssh_host_key >/dev/null 2>&1");
-	if ($?) {
-	    $changehostkeys = 1;
-	}
-    }
-    if (-e "/etc/ssh/ssh_host_rsa_key") {
-	system("cmp -s /etc/ssh/ssh_host_rsa_key $imageroot/etc/ssh/ssh_host_rsa_key >/dev/null 2>&1");
-	if ($?) {
-	    $changehostkeys = 1;
-	}
-    }
-    if (-e "/etc/ssh/ssh_host_dsa_key") {
-	system("cmp -s /etc/ssh/ssh_host_dsa_key $imageroot/etc/ssh/ssh_host_dsa_key >/dev/null 2>&1");
-	if ($?) {
-	    $changehostkeys = 1;
+    foreach my $kt ("", "dsa_", "ecdsa_", "ed25519_", "rsa_") {
+	if (-e "/etc/ssh/ssh_host_${kt}key") {
+	    system("cmp -s /etc/ssh/ssh_host_${kt}key $imageroot/etc/ssh/ssh_host_${kt}key >/dev/null 2>&1");
+	    if ($?) {
+		$changehostkeys = 1;
+	    }
 	}
    }
    if ($changehostkeys) {
-	print "Updating /etc/ssh/hostkeys\n";
+	print "Updating /etc/ssh host keys\n";

 	if (! -d "$imageroot/etc/ssh") {
 	    if (!mkdir("$imageroot/etc/ssh", 0755)) {