# -*- coding: utf-8; -*-
|
||
|
################################################################################
|
||
|
#
|
||
|
# Rattail -- Retail Software Framework
|
||
|
# Copyright © 2010-2018 Lance Edgar
|
||
|
#
|
||
|
# This file is part of Rattail.
|
||
|
#
|
||
|
# Rattail is free software: you can redistribute it and/or modify it under the
|
||
|
# terms of the GNU General Public License as published by the Free Software
|
||
|
# Foundation, either version 3 of the License, or (at your option) any later
|
||
|
# version.
|
||
|
#
|
||
|
# Rattail is distributed in the hope that it will be useful, but WITHOUT ANY
|
||
|
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||
|
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
||
|
# details.
|
||
|
#
|
||
|
# You should have received a copy of the GNU General Public License along with
|
||
|
# Rattail. If not, see <http://www.gnu.org/licenses/>.
|
||
|
#
|
||
|
################################################################################
|
||
|
"""
|
||
|
Fabric Library for SSH
|
||
|
"""
|
from __future__ import unicode_literals, absolute_import
|
||
|
|
||
|
import warnings
|
||
|
|
||
|
from fabric.api import sudo, cd, settings
|
||
|
from fabric.contrib.files import exists, sed, append
|
||
|
|
||
|
from rattail_fabric import mkdir, agent_sudo
|
||
|
from rattail_fabric.python import cdvirtualenv
|
||
|
|
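def cache_host_key(host, for_user='root', with_agent=False, warn_only=True, identity='',
                   strict='no'):
    """
    Cache the SSH host key for the given host, for the given user.

    Runs ``ssh ... echo`` against ``host`` as ``for_user`` so that the
    remote host key lands in that user's ``known_hosts``.

    :param host: Host to connect to, e.g. ``git.example.com`` or
       ``user@host``.
    :param for_user: Account whose ``known_hosts`` should receive the key.
       ``'root'`` means a plain ``sudo``; anything else is passed through as
       the ``user`` of the sudo call.
    :param with_agent: Run the command via :func:`rattail_fabric.agent_sudo`
       instead of plain ``sudo`` (e.g. when the test connection itself needs
       the forwarded agent).
    :param warn_only: If true (the default), a failed connection only warns
       instead of aborting the Fabric run; the key is still cached if the
       host answered at all.
    :param identity: Optional path to a private key, passed as ``ssh -i``.
    :param strict: Value for ``StrictHostKeyChecking``.  The default ``'no'``
       keeps the historical behaviour and is trust-on-first-use: whatever key
       the host presents is accepted and remembered, and a connection to a
       host whose key has *changed* is allowed to proceed as well.  Pass
       ``'accept-new'`` (client OpenSSH >= 7.6) to still accept an unknown
       host but fail on a changed key.  Neither mode checks the key against
       an out-of-band fingerprint; do that separately when the path to
       ``host`` is not trusted.

    ``host``, ``identity`` and ``strict`` are interpolated unquoted into a
    shell command run under sudo -- only pass operator-controlled values.
    """
    user = None if for_user == 'root' else for_user
    _sudo = agent_sudo if with_agent else sudo
    if identity:
        identity = '-i {}'.format(identity)
    cmd = 'ssh {} -o StrictHostKeyChecking={} {} echo'.format(identity, strict, host)
    if warn_only:
        # local override only; do not touch the caller's warn_only setting
        # in the non-warn case
        with settings(warn_only=True):
            _sudo(cmd, user=user)
    else:
        _sudo(cmd, user=user)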
|
||
|
|
def uncache_host_key(host, for_user='root'):
    """
    Remove the cached SSH host key for the given host, for the given user.

    Runs ``ssh-keygen -R host`` as ``for_user`` (``'root'`` means a plain
    ``sudo``), which strips every ``known_hosts`` entry for ``host`` in that
    account.  Pair with :func:`cache_host_key` to force a host key to be
    re-learned.  ``host`` is interpolated unquoted into the shell command.
    """
    run_as = for_user if for_user != 'root' else None
    sudo('ssh-keygen -R {}'.format(host), user=run_as)
|
||
|
|
def restart():
    """
    Restart the OpenSSH service

    Uses the SysV-style ``service ssh restart`` (Debian/Ubuntu naming of
    the unit).  Run this after editing ``sshd_config``; a config error will
    surface here as a failed command.
    """
    sudo('service ssh restart')
|
||
|
|
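def configure(allow_root=False):
    """
    Configure the OpenSSH service

    Edits ``/etc/ssh/sshd_config`` in place so that:

    * ``PermitRootLogin`` is ``without-password`` when ``allow_root`` is true
      (key-based root login only; ``without-password`` is the pre-7.0
      spelling of ``prohibit-password`` and is still accepted), or ``no``
      otherwise;
    * ``PasswordAuthentication`` is ``no``;

    then checks the result with ``sshd -t`` and restarts the service.

    Each directive is rewritten with ``sed`` where an uncommented line
    already exists and appended otherwise.  The append matters: a stock
    ``sshd_config`` often carries only the commented-out default
    (``#PermitRootLogin ...``), which the ``sed`` pattern does not match,
    and the compiled-in default for ``PermitRootLogin`` is ``yes`` on
    OpenSSH < 7.0 -- so root login would silently stay enabled.

    Caveats:

    * Appended lines land at end-of-file; if the config ends with a
      ``Match`` block they become part of it and apply only to that match.
    * ``PasswordAuthentication no`` alone does not stop PAM
      keyboard-interactive password logins
      (``ChallengeResponseAuthentication``); that setting is left as found.
    """
    path = '/etc/ssh/sshd_config'

    root_entry = 'PermitRootLogin {}'.format('without-password' if allow_root else 'no')
    sed(path, r'^PermitRootLogin\s+.*', root_entry, use_sudo=True)
    # append() is a no-op when the exact line is already present
    append(path, root_entry, use_sudo=True)

    pw_entry = 'PasswordAuthentication no'
    sed(path, r'^PasswordAuthentication\s+.*', pw_entry, use_sudo=True)
    append(path, pw_entry, use_sudo=True)

    # Validate before restarting: a restart on a broken config would lock
    # out every further SSH-based deploy to this host.  Fabric aborts here
    # on a non-zero exit unless the caller set warn_only.
    sudo('sshd -t')
    restart()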
|
||
|
|
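def configure_ssh(restrict_root=True):
    """
    Deprecated alias for :func:`configure`.

    :param restrict_root: Inverse of :func:`configure`'s ``allow_root``;
       the default (``True``) disables root login entirely.
    """
    # stacklevel=2 attributes the warning to the caller rather than to
    # this line, so the deprecated call site is what shows up in logs
    warnings.warn("Function `ssh.configure_ssh()` is deprecated, please "
                  "use `ssh.configure()` instead.", DeprecationWarning,
                  stacklevel=2)
    return configure(allow_root=not restrict_root)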
|
||
|
|
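def establish_identity(envname, comment, user='rattail', home='/var/lib/rattail', bits=4096):
    """
    Generate a SSH key pair and configure it for local use.

    Ensures ``<home>/.ssh/authorized_keys`` exists for ``user`` (0700
    directory, 0600 file, owned by ``user``) and, if no ``id_rsa`` exists
    yet under the virtualenv's ``app/ssh`` directory, generates an RSA key
    pair there and appends its public half to that same ``authorized_keys``.

    :param envname: Name of the virtualenv whose ``app/ssh`` dir holds the key.
    :param comment: Comment embedded in the public key (``ssh-keygen -C``).
    :param user: Account that will own the key and ``authorized_keys``.
    :param home: Home directory of ``user``; a trailing slash is tolerated.
    :param bits: RSA modulus size passed to ``ssh-keygen -b``.

    Security notes:

    * The private key is written **without a passphrase** (``-P ''``) so it
      can be used unattended.  Because its public half is added to
      ``user``'s own ``authorized_keys``, anyone who can read ``id_rsa`` can
      log in as ``user`` on this host.  The file is chown'd to ``user`` and
      relies on ssh-keygen's default 0600 mode.
    * ``comment`` is interpolated into a shell command inside single quotes
      and ``user``/``home`` are interpolated unquoted; pass
      operator-controlled values only.
    """
    home = home.rstrip('/')
    sshdir = '{0}/.ssh'.format(home)
    owner = '{0}:{0}'.format(user)

    # sshd (StrictModes, on by default) rejects authorized_keys that are
    # group/world-writable or live in such a directory; 0700/0600 is safe.
    mkdir(sshdir, owner=owner, mode='0700')
    with cd(sshdir):
        # use_sudo: the directory is 0700 and owned by `user`, so the deploy
        # account may not be able to stat its contents without it
        if not exists('authorized_keys', use_sudo=True):
            sudo('touch authorized_keys')
            sudo('chown {0} authorized_keys'.format(owner))
            sudo('chmod 0600 authorized_keys')

    with cdvirtualenv(envname, 'app'):
        mkdir('ssh', owner=owner, mode='0700')
    with cdvirtualenv(envname, 'app/ssh'):
        if not exists('id_rsa', use_sudo=True):
            # explicit type/size rather than the client's compiled-in default
            # (2048-bit RSA on older OpenSSH)
            sudo("ssh-keygen -t rsa -b {0} -C '{1}' -P '' -f id_rsa".format(bits, comment))
            # grants this key login to the same account it belongs to
            sudo('cat id_rsa.pub >> {0}/authorized_keys'.format(sshdir))
            sudo('chown {0} id_rsa*'.format(owner))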