[pve-devel] [PATCH RFC 20/21] remove code to merge ssh authorized_keys

Dietmar Maurer dietmar at proxmox.com
Mon Nov 28 08:09:12 CET 2016


no longer required, because we use certs for authentication.

Signed-off-by: Dietmar Maurer <dietmar at proxmox.com>
---
 data/PVE/CLI/pvecm.pm |  1 -
 data/PVE/Cluster.pm   | 82 ++++-----------------------------------------------
 2 files changed, 6 insertions(+), 77 deletions(-)

diff --git a/data/PVE/CLI/pvecm.pm b/data/PVE/CLI/pvecm.pm
index 4bc406a..6c8fa0d 100755
--- a/data/PVE/CLI/pvecm.pm
+++ b/data/PVE/CLI/pvecm.pm
@@ -252,7 +252,6 @@ my $update_cluster_files = sub {
     if ($quorate) {
 	PVE::Cluster::gen_pve_node_files($nodename, $local_ip_address, $force);
 	PVE::Cluster::setup_ssh_keys();
-	PVE::Cluster::ssh_merge_keys();
 	PVE::Cluster::ssh_merge_known_hosts($nodename, $local_ip_address);
 	PVE::Cluster::gen_pve_vzdump_files();
     }
diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index c1bfd6c..14748e2 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1154,49 +1154,6 @@ sub get_local_migration_ip {
 
 # ssh related utility functions
 
-sub ssh_merge_keys {
-    # remove duplicate keys in $sshauthkeys
-    # ssh-copy-id simply add keys, so the file can grow to large
-
-    my $data = '';
-    if (-f $sshauthkeys) {
-	$data = PVE::Tools::file_get_contents($sshauthkeys, 128*1024);
-	chomp($data);
-    }
-
-    my $found_backup;
-    if (-f $rootsshauthkeysbackup) {
-	$data .= "\n";
-	$data .= PVE::Tools::file_get_contents($rootsshauthkeysbackup, 128*1024);
-	chomp($data);
-	$found_backup = 1;
-    }
-
-    # always add ourself
-    if (-f $ssh_rsa_id) {
-	my $pub = PVE::Tools::file_get_contents($ssh_rsa_id);
-	chomp($pub);
-	$data .= "\n$pub\n";
-    }
-
-    my $newdata = "";
-    my $vhash = {};
-    my @lines = split(/\n/, $data);
-    foreach my $line (@lines) {
-	if ($line !~ /^#/ && $line =~ m/(^|\s)ssh-(rsa|dsa)\s+(\S+)\s+\S+$/) {
-            next if $vhash->{$3}++;
-	}
-	$newdata .= "$line\n";
-    }
-
-    PVE::Tools::file_set_contents($sshauthkeys, $newdata, 0600);
-
-    if ($found_backup && -l $rootsshauthkeys) {
-	# everything went well, so we can remove the backup
-	unlink $rootsshauthkeysbackup;
-    }
-}
-
 sub setup_sshd_config {
     my ($start_sshd, $force) = @_;
 
@@ -1277,39 +1234,12 @@ sub setup_rootsshconfig {
 
 sub setup_ssh_keys {
 
-    mkdir $authdir;
-
-    my $import_ok;
-
-    if (! -f $sshauthkeys) {
-	my $old;
-	if (-f $rootsshauthkeys) {
-	    $old = PVE::Tools::file_get_contents($rootsshauthkeys, 128*1024);
-	}
-	if (my $fh = IO::File->new ($sshauthkeys, O_CREAT|O_WRONLY|O_EXCL, 0400)) {
-	    PVE::Tools::safe_print($sshauthkeys, $fh, $old) if $old;
-	    close($fh);
-	    $import_ok = 1;
-	}
-    }
-
-    warn "can't create shared ssh key database '$sshauthkeys'\n" 
-	if ! -f $sshauthkeys;
-
-    if (-f $rootsshauthkeys && ! -l $rootsshauthkeys) {
-	if (!rename($rootsshauthkeys , $rootsshauthkeysbackup)) {
-	    warn "rename $rootsshauthkeys failed - $!\n";
-	}
-    }
-
-    if (! -l $rootsshauthkeys) {
-	symlink $sshauthkeys, $rootsshauthkeys;
-    }
-
-    if (! -l $rootsshauthkeys) {
-	warn "can't create symlink for ssh keys '$rootsshauthkeys' -> '$sshauthkeys'\n";
-    } else {
-	unlink $rootsshauthkeysbackup if $import_ok;
+    # cleanup previous hack - remove symlink
+    if (-l $rootsshauthkeys) {
+	my $old = '';
+	$old = PVE::Tools::file_get_contents($rootsshauthkeys, 128*1024)
+	    if -f $rootsshauthkeys;
+	PVE::Tools::file_set_contents($rootsshauthkeys, $old, 0600);
     }
 }
 
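Review bot: In the new `setup_ssh_keys` body, a symlink whose target is not a readable regular file at that moment (for example, if the cluster filesystem happens not to be mounted) leaves `$old` empty, and `file_set_contents` then writes an empty `$rootsshauthkeys` with no message, so root's key-based logins on that node disappear silently. I would report it before the write, e.g. `warn "ssh key symlink '$rootsshauthkeys' has no readable target - writing empty file\n" if ! -f $rootsshauthkeys;`, or skip the conversion in that case. Separately, when the target is readable, the whole merged key set is copied into the local file, so every key that was in the shared database stays authorized for root after the move to certificates; if that is intended, a comment such as `# keep existing keys; stale node keys must be pruned by the admin` would make it explicit. The write presumably relies on `file_set_contents` replacing the link rather than writing through it, which is worth confirming given that the comment says "remove symlink".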
-- 
2.1.4



