[pve-devel] [PATCH RFC 07/21] setup_sshd_config: allow certificate based auth
Dietmar Maurer
dietmar at proxmox.com
Mon Nov 28 08:08:59 CET 2016
Signed-off-by: Dietmar Maurer <dietmar at proxmox.com>
---
data/PVE/Cluster.pm | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index e7b00d4..c7deafe 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1213,6 +1213,22 @@ sub setup_sshd_config {
}
}
+ if ($conf !~ m/^HostCertificate\s+$ssh_host_rsa_cert\s*$/m) {
+ chomp $conf;
+ $changes = 1;
+ if (!($conf =~ s/^#?HostCertificate.*$/HostCertificate $ssh_host_rsa_cert\n/m)) {
+ $conf .= "\nHostCertificate $ssh_host_rsa_cert\n";
+ }
+ }
+
+ if ($conf !~ m/^TrustedUserCAKeys\s+$ssh_cluster_ca_cert\s*$/m) {
+ chomp $conf;
+ $changes = 1;
+ if (!($conf =~ s/^#?TrustedUserCAKeys.*$/TrustedUserCAKeys $ssh_cluster_ca_cert\n/m)) {
+ $conf .= "\nTrustedUserCAKeys $ssh_cluster_ca_cert\n";
+ }
+ }
+
PVE::Tools::file_set_contents($sshd_config_fn, $conf) if $changes;
my $cmd = $start_sshd ? 'reload-or-restart' : 'reload-or-try-restart';
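Review bot: The fallback in both added blocks appends the directive to the end of the file (`$conf .= "\nHostCertificate $ssh_host_rsa_cert\n";`), so on an sshd_config that ends with a `Match` block the new lines become part of that block. TrustedUserCAKeys would then apply only to the matched connections, and HostCertificate is a global-only keyword, so sshd would likely reject the file when the reload further down runs. Inserting ahead of the first `Match` line avoids this, e.g. `$conf =~ s/^(?=Match\s)/HostCertificate $ssh_host_rsa_cert\n\n/mi or $conf .= "\nHostCertificate $ssh_host_rsa_cert\n";`, and the same for TrustedUserCAKeys. Separately, the two path variables are interpolated into the match patterns unquoted; `\Q$ssh_host_rsa_cert\E` keeps the `.` in the path from matching any character. setup_sshd_config starts and ends outside the hunk, so whether the earlier directives already account for `Match` cannot be seen here.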
--
2.1.4