Commit 4b947320 authored by Mike Hibler's avatar Mike Hibler

Fix a couple of the other pieces of the host/root key cleanup.

parent 9bbccab5
......@@ -85,15 +85,11 @@ localize_image() {
return 1
}
fi
# copy to both authorized_keys and _keys2
# copy to authorized_keys
cp -pf /root/.ssh/authorized_keys2 $MNT/root/.ssh/authorized_keys || {
echo "Failed to create /root/.ssh/authorized_keys"
return 1
}
cp -pf /root/.ssh/authorized_keys2 $MNT/root/.ssh/ || {
echo "Failed to create /root/.ssh/authorized_keys2"
return 1
}
fi
fi
......
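Review bot: An `authorized_keys2` file already present in the image is left in place now that only `authorized_keys` is overwritten, and OpenSSH's default `AuthorizedKeysFile` still consults `.ssh/authorized_keys2`, so root keys baked into the image would remain valid for login. Unless a step outside this hunk already removes it, add `rm -f "$MNT/root/.ssh/authorized_keys2"` after the successful copy. The same applies to the Perl `localize` hunk further down, where `unlink("$imageroot/root/.ssh/authorized_keys2");` would do it. `$MNT` is also unquoted in the remaining `cp` line; quoting it avoids word splitting if the mount point ever contains whitespace.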
......@@ -1137,21 +1137,17 @@ sub fix_sshd_config
my ($imageroot) = @_;
my $cfile = "$imageroot/etc/ssh/sshd_config";
if (! -r $cfile ||
!system("grep -q '^# Emulab config' $cfile 2>/dev/null")) {
return;
}
print STDERR "Adding security options to SSHD config\n";
open FILE, "+<$cfile" ||
die "Couldn't open $cfile: $!\n";
my @buffer = ();
while (<FILE>) {
s/^Protocol/#Protocol/;
s/^PasswordAuth/#PasswordAuth/;
s/^ChallengeResp/#ChallengeResp/;
s/^PermitRootLogin/#PermitRootLogin/;
s/^Protocol .*//;
s/^PasswordAuthentication .*//;
s/^ChallengeResponseAuthentication .*//;
s/^PermitRootLogin .*//;
s/^# Emulab.*//;
push @buffer, $_;
}
push @buffer, "\n# Emulab config\n";
......@@ -1223,42 +1219,27 @@ sub localize
return;
}
}
# copy to both authorized_keys and _keys2
# copy authorized_keys
system("cp -pf /root/.ssh/authorized_keys2 $imageroot/root/.ssh/authorized_keys");
if ($?) {
print STDERR "Failed to create /root/.ssh/authorized_keys\n";
return;
}
system("cp -pf /root/.ssh/authorized_keys2 $imageroot/root/.ssh/");
if ($?) {
print STDERR "Failed to create /root/.ssh/authorized_keys2\n";
return;
}
}
}
# Check the host keys.
my $changehostkeys = 0;
if (-e "/etc/ssh/ssh_host_key") {
system("cmp -s /etc/ssh/ssh_host_key $imageroot/etc/ssh/ssh_host_key >/dev/null 2>&1");
if ($?) {
$changehostkeys = 1;
}
}
if (-e "/etc/ssh/ssh_host_rsa_key") {
system("cmp -s /etc/ssh/ssh_host_rsa_key $imageroot/etc/ssh/ssh_host_rsa_key >/dev/null 2>&1");
if ($?) {
$changehostkeys = 1;
}
}
if (-e "/etc/ssh/ssh_host_dsa_key") {
system("cmp -s /etc/ssh/ssh_host_dsa_key $imageroot/etc/ssh/ssh_host_dsa_key >/dev/null 2>&1");
if ($?) {
$changehostkeys = 1;
foreach my $kt ("", "dsa_", "ecdsa_", "ed25519_", "rsa_") {
if (-e "/etc/ssh/ssh_host_${kt}key") {
system("cmp -s /etc/ssh/ssh_host_${kt}key $imageroot/etc/ssh/ssh_host_${kt}key >/dev/null 2>&1");
if ($?) {
$changehostkeys = 1;
}
}
}
if ($changehostkeys) {
print "Updating /etc/ssh/hostkeys\n";
print "Updating /etc/ssh host keys\n";
if (! -d "$imageroot/etc/ssh") {
if (!mkdir("$imageroot/etc/ssh", 0755)) {
......
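Review bot: The `open FILE, "+<$cfile" || die ...` line in the fix_sshd_config hunk cannot report a failure, because `||` binds to the string operand rather than to `open`, so the `die` is unreachable. A failed open would then leave the image's sshd_config without the Emulab options after "Adding security options" has already been printed. Use the three-argument form with low-precedence `or`, `open(my $fh, '+<', $cfile) or die "Couldn't open $cfile: $!\n";`, and switch the reads and writes, which continue outside the hunk, to `$fh`. The keyword substitutions in the loop are also case-sensitive and anchored at column 0, while sshd matches keywords case-insensitively, ignores leading whitespace and keeps the first value it reads. A line such as `permitrootlogin yes` would therefore survive and presumably take precedence over the appended block; a pattern like `s/^\s*PermitRootLogin\b.*//i` closes that gap.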