[pve-devel] [PATCH RFC 20/21] remove code to merge ssh authorized_keys
Dietmar Maurer
dietmar at proxmox.com
Mon Nov 28 08:09:12 CET 2016
no longer required, because we use certs for authentication.
Signed-off-by: Dietmar Maurer <dietmar at proxmox.com>
---
data/PVE/CLI/pvecm.pm | 1 -
data/PVE/Cluster.pm | 82 ++++-----------------------------------------------
2 files changed, 6 insertions(+), 77 deletions(-)
diff --git a/data/PVE/CLI/pvecm.pm b/data/PVE/CLI/pvecm.pm
index 4bc406a..6c8fa0d 100755
--- a/data/PVE/CLI/pvecm.pm
+++ b/data/PVE/CLI/pvecm.pm
@@ -252,7 +252,6 @@ my $update_cluster_files = sub {
if ($quorate) {
PVE::Cluster::gen_pve_node_files($nodename, $local_ip_address, $force);
PVE::Cluster::setup_ssh_keys();
- PVE::Cluster::ssh_merge_keys();
PVE::Cluster::ssh_merge_known_hosts($nodename, $local_ip_address);
PVE::Cluster::gen_pve_vzdump_files();
}
diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index c1bfd6c..14748e2 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1154,49 +1154,6 @@ sub get_local_migration_ip {
# ssh related utility functions
-sub ssh_merge_keys {
- # remove duplicate keys in $sshauthkeys
- # ssh-copy-id simply add keys, so the file can grow to large
-
- my $data = '';
- if (-f $sshauthkeys) {
- $data = PVE::Tools::file_get_contents($sshauthkeys, 128*1024);
- chomp($data);
- }
-
- my $found_backup;
- if (-f $rootsshauthkeysbackup) {
- $data .= "\n";
- $data .= PVE::Tools::file_get_contents($rootsshauthkeysbackup, 128*1024);
- chomp($data);
- $found_backup = 1;
- }
-
- # always add ourself
- if (-f $ssh_rsa_id) {
- my $pub = PVE::Tools::file_get_contents($ssh_rsa_id);
- chomp($pub);
- $data .= "\n$pub\n";
- }
-
- my $newdata = "";
- my $vhash = {};
- my @lines = split(/\n/, $data);
- foreach my $line (@lines) {
- if ($line !~ /^#/ && $line =~ m/(^|\s)ssh-(rsa|dsa)\s+(\S+)\s+\S+$/) {
- next if $vhash->{$3}++;
- }
- $newdata .= "$line\n";
- }
-
- PVE::Tools::file_set_contents($sshauthkeys, $newdata, 0600);
-
- if ($found_backup && -l $rootsshauthkeys) {
- # everything went well, so we can remove the backup
- unlink $rootsshauthkeysbackup;
- }
-}
-
sub setup_sshd_config {
my ($start_sshd, $force) = @_;
@@ -1277,39 +1234,12 @@ sub setup_rootsshconfig {
sub setup_ssh_keys {
- mkdir $authdir;
-
- my $import_ok;
-
- if (! -f $sshauthkeys) {
- my $old;
- if (-f $rootsshauthkeys) {
- $old = PVE::Tools::file_get_contents($rootsshauthkeys, 128*1024);
- }
- if (my $fh = IO::File->new ($sshauthkeys, O_CREAT|O_WRONLY|O_EXCL, 0400)) {
- PVE::Tools::safe_print($sshauthkeys, $fh, $old) if $old;
- close($fh);
- $import_ok = 1;
- }
- }
-
- warn "can't create shared ssh key database '$sshauthkeys'\n"
- if ! -f $sshauthkeys;
-
- if (-f $rootsshauthkeys && ! -l $rootsshauthkeys) {
- if (!rename($rootsshauthkeys , $rootsshauthkeysbackup)) {
- warn "rename $rootsshauthkeys failed - $!\n";
- }
- }
-
- if (! -l $rootsshauthkeys) {
- symlink $sshauthkeys, $rootsshauthkeys;
- }
-
- if (! -l $rootsshauthkeys) {
- warn "can't create symlink for ssh keys '$rootsshauthkeys' -> '$sshauthkeys'\n";
- } else {
- unlink $rootsshauthkeysbackup if $import_ok;
+ # cleanup previous hack - remove symlink
+ if (-l $rootsshauthkeys) {
+ my $old = '';
+ $old = PVE::Tools::file_get_contents($rootsshauthkeys, 128*1024)
+ if -f $rootsshauthkeys;
+ PVE::Tools::file_set_contents($rootsshauthkeys, $old, 0600);
}
}
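Review bot: In the new `setup_ssh_keys` body, a symlink whose target is not a regular file at that moment (for example when the shared key file is unavailable) leaves `$old` as `''`, so `file_set_contents` writes an empty root authorized_keys file and every previously authorized key is silently dropped. I would skip the conversion in that case and warn, placing `if (!-f $rootsshauthkeys) { warn "target of '$rootsshauthkeys' missing - keeping symlink\n"; return; }` ahead of the read. The copy also turns every key in the shared cluster file into a standing node-local root key. Since the commit message says certs now handle authentication, a comment such as `# NOTE: copies all cluster keys verbatim; prune entries that are no longer needed` would make that visible to operators. The removed code also merged and unlinked `$rootsshauthkeysbackup`, which nothing in this hunk touches any more, so a backup left over from an interrupted earlier run would presumably stay on disk.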
--
2.1.4