[pve-devel] [PATCH] added setup_rootsshconfig to create initial ssh config for user root
Stefan Priebe
s.priebe at profihost.ag
Wed Oct 31 12:27:34 CET 2012
Signed-off-by: Stefan Priebe <s.priebe at profihost.ag>
---
data/PVE/Cluster.pm | 14 ++++++++++++++
data/PVE/pvecm | 2 ++
2 files changed, 16 insertions(+), 0 deletions(-)
diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index 624d1e8..9f251ba 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -51,6 +51,7 @@ my $sshglobalknownhosts = "/etc/ssh/ssh_known_hosts";
my $sshknownhosts = "/etc/pve/priv/known_hosts";
my $sshauthkeys = "/etc/pve/priv/authorized_keys";
my $rootsshauthkeys = "/root/.ssh/authorized_keys";
+my $rootsshconfig = "/root/.ssh/config";
my $observed = {
'vzdump.cron' => 1,
@@ -1030,6 +1031,19 @@ sub ssh_merge_keys {
PVE::Tools::file_set_contents($sshauthkeys, $newdata, 0600);
}
+sub setup_rootsshconfig {
+
+ # create ssh config if it does not exist
+ if (! -f $rootsshconfig) {
+ mkdir '/root/.ssh' if ( !-e '/root/.ssh' );
+ if (my $fh = IO::File->new ($rootsshconfig, O_CREAT|O_WRONLY|O_EXCL, 0640)) {
+ # this is the default ciphers list from debian openssl0.9.8 except blowfish is added as prefered
+ print $fh "Ciphers blowfish,aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc\n";
+ close($fh);
+ }
+ }
+}
+
sub setup_ssh_keys {
# create ssh key if it does not exist
diff --git a/data/PVE/pvecm b/data/PVE/pvecm
index bb7e2c8..50593a6 100755
--- a/data/PVE/pvecm
+++ b/data/PVE/pvecm
@@ -169,6 +169,7 @@ __PACKAGE__->register_method ({
-f $clusterconf && die "cluster config '$clusterconf' already exists\n";
+ PVE::Cluster::setup_rootsshconfig();
PVE::Cluster::setup_ssh_keys();
-f $authfile || __PACKAGE__->keygen({filename => $authfile});
@@ -367,6 +368,7 @@ __PACKAGE__->register_method ({
code => sub {
my ($param) = @_;
+ PVE::Cluster::setup_rootsshconfig();
PVE::Cluster::setup_ssh_keys();
my $host = $param->{hostname};
--
1.7.2.5
More information about the pve-devel
mailing list