Commit 10d32445 authored by Leigh Stoller's avatar Leigh Stoller

Make the "can boss ssh to ops" test use the newly created key with

the -i option, so as not to be confused by the invoking user's ssh
agent.

Also, switch to an rsa version 2 key for the initial keypair, time
to stop using protocol 1 keys!
parent bdaf2ffc
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN2LL87DrJsXZdAN1zh+TcLlk0I8IPjxzrxEb2AaodnThibG+3xjMdx6BJCWRReCsddUbZDQ190LVvRPw7NUMZfsbOsTPBJhKhm+dDkz0zqOK84r2OmfTDFXaIFondVEiZ1PkptDpWw25hekTWLZ/SjeCMj9u1i0L17Su6wSG6qNfCtC4CVSEs8B10JvtGoa2n6yIXJYDHCPhEha/HcimOtpDn5IPIvcGm8P7kZGdRnewm8Jt1WeJxwrTV6sxbFUDoJaDk6KKyzaesXNlg4IHU6ylBcAT35ZO2tXVYasxXT75/ek3MvVJsxEkWE2A+kOZ/M71L3F0mV9qYFyAcXk3v stoller@boss.emulab.net
#!/usr/bin/perl -w
#
# Copyright (c) 2003-2014 University of Utah and the Flux Group.
# Copyright (c) 2003-2015 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -335,7 +335,8 @@ $ROOT_AUTHKEY = "/root/.ssh/authorized_keys";
$ROOT_DSA_PRIVKEY = "/root/.ssh/id_dsa";
$ROOT_DSA_PUBKEY = "$ROOT_DSA_PRIVKEY.pub";
$INIT_PRIVKEY = "$main::TOP_SRCDIR/install/identity";
$INIT_PRIVKEY = "$main::TOP_SRCDIR/install/id_rsa";
$INIT_PUBKEY = "$main::TOP_SRCDIR/install/id_rsa.pub";
$CACERT = "$TBROOT/etc/emulab.pem";
$EMULAB_PEM = "emulab.pem";
$CLIENT_PEM = "client.pem";
......
......@@ -77,9 +77,11 @@ sub Install($$$)
};
}
Phase "keycopy", "Copy root ssh keys to ops", sub {
if (! ExecQuiet("$SSH -o 'BatchMode=yes' root\@${USERNODE} pwd")) {
if (! ExecQuiet("$SSH -o 'BatchMode=yes' -i $ROOT_PRIVKEY ".
" root\@${USERNODE} pwd")) {
PhaseSkip("Key already copied");
} else {
# ssh will complain about mode if we do not do this.
ExecQuietFatal("chmod 400 $INIT_PRIVKEY");
if ($ELABINELAB) {
ExecQuietFatal("$SCP_INIT -i $INIT_PRIVKEY ".
......@@ -109,7 +111,8 @@ sub Install($$$)
if ($BOSSNODE eq $FSNODE) {
PhaseSkip("FS node is boss node");
}
if (! ExecQuiet("$SSH -o 'BatchMode=yes' root\@${FSNODE} pwd")) {
if (! ExecQuiet("$SSH -o 'BatchMode=yes' -i $ROOT_PRIVKEY ".
"root\@${FSNODE} pwd")) {
PhaseSkip("Key already copied");
} else {
if ($ELABINELAB) {
......
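Review bot: Passing `-i $ROOT_PRIVKEY` in the keycopy probe does not by itself keep ssh away from the invoking user's agent. Without `IdentitiesOnly`, ssh still offers the agent's identities, so the probe can succeed on the installer's own key and the phase is skipped with "Key already copied" even though the root key was never installed. Unless `$SSH` already sets it (its definition is outside these hunks), add `-o 'IdentitiesOnly=yes'` next to `-o 'BatchMode=yes'` here and in the matching `root\@${FSNODE}` probe in the hunk at -109,7. Both probes sit in Phase bodies of Install that continue beyond the visible lines.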
......@@ -5,8 +5,6 @@ use strict;
use libinstall;
use installvars;
my $IDENTPUB = "$TOP_SRCDIR/install/identity.pub";
sub Install($$$)
{
my ($server, $isupdate, $impotent) = @_;
......@@ -55,8 +53,8 @@ sub Install($$$)
};
Phase "authkeys", "Adding stub identity to root authorized_keys", sub {
DoneIfEdited($AUTHKEYS);
my $ident = `cat $IDENTPUB`;
PhaseFail("Could not read $IDENTPUB")
my $ident = `cat $INIT_PUBKEY`;
PhaseFail("Could not read $INIT_PUBKEY")
if ($?);
chomp($ident);
if (! -e $AUTHKEYS) {
......
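Review bot: The key appended to root's authorized_keys in the authkeys phase is read from `$INIT_PUBKEY`, and its private half appears to be checked into the source tree as install/id_rsa by this same commit. Every holder of the source can therefore authenticate with it for as long as the entry stays in place. Nothing visible here removes or restricts the entry once the real root keys have been copied. If a later phase does that, a comment such as `# Bootstrap key only: private half ships in the source tree; entry must be removed after keycopy` would make the dependency explicit. If none does, drop the entry at the end of the install or generate the initial keypair per installation. The Phase body continues past the end of the hunk.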