[pve-devel] [PATCH RFC 07/21] setup_sshd_config: allow certificate based auth

Dietmar Maurer dietmar at proxmox.com
Mon Nov 28 08:08:59 CET 2016


Signed-off-by: Dietmar Maurer <dietmar at proxmox.com>
---
 data/PVE/Cluster.pm | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index e7b00d4..c7deafe 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1213,6 +1213,22 @@ sub setup_sshd_config {
 	}
     }
 
+    if ($conf !~ m/^HostCertificate\s+$ssh_host_rsa_cert\s*$/m) {
+	chomp $conf;
+	$changes = 1;
+	if (!($conf =~ s/^#?HostCertificate.*$/HostCertificate $ssh_host_rsa_cert\n/m)) {
+	    $conf .= "\nHostCertificate $ssh_host_rsa_cert\n";
+	}
+    }
+
+    if ($conf !~ m/^TrustedUserCAKeys\s+$ssh_cluster_ca_cert\s*$/m) {
+	chomp $conf;
+	$changes = 1;
+	if (!($conf =~ s/^#?TrustedUserCAKeys.*$/TrustedUserCAKeys $ssh_cluster_ca_cert\n/m)) {
+	    $conf .= "\nTrustedUserCAKeys $ssh_cluster_ca_cert\n";
+	}
+    }
+
     PVE::Tools::file_set_contents($sshd_config_fn, $conf) if $changes;
 
     my $cmd = $start_sshd ? 'reload-or-restart' : 'reload-or-try-restart';
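Review bot: Both added blocks fall back to appending at the end of `$conf`, so on an sshd_config that ends in a `Match` section the new line becomes part of that section: `HostCertificate` is a global-only keyword and sshd will reject the file, while `TrustedUserCAKeys` would then apply only to the matched connections. Inserting the directive ahead of the first `^Match` line, and appending only when there is none, avoids this. The two paths are also interpolated unquoted into the test patterns, so a `.` in a file name matches any character; `m/^HostCertificate\s+\Q$ssh_host_rsa_cert\E\s*$/m`, and the same for `TrustedUserCAKeys`, makes the comparison literal. Because `TrustedUserCAKeys` accepts any user certificate signed by the cluster CA for the principals it names, a one-line comment above that block such as `# trust user certificates signed by the cluster CA (widens who can log in via ssh)` would help the next reader. setup_sshd_config starts before and continues after this hunk, so whether the rewritten file is validated (for example with `sshd -t`) before the reload is not visible here.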
-- 
2.1.4



