2018-02-24 16:29:20 -06:00
|
|
|
# -*- coding: utf-8; -*-
|
|
|
|
################################################################################
|
|
|
|
#
|
|
|
|
# Rattail -- Retail Software Framework
|
|
|
|
# Copyright © 2010-2018 Lance Edgar
|
|
|
|
#
|
|
|
|
# This file is part of Rattail.
|
|
|
|
#
|
|
|
|
# Rattail is free software: you can redistribute it and/or modify it under the
|
|
|
|
# terms of the GNU General Public License as published by the Free Software
|
|
|
|
# Foundation, either version 3 of the License, or (at your option) any later
|
|
|
|
# version.
|
|
|
|
#
|
|
|
|
# Rattail is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
|
|
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
|
|
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
|
|
|
# details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU General Public License along with
|
|
|
|
# Rattail. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
#
|
|
|
|
################################################################################
|
|
|
|
"""
|
|
|
|
Fabric Library for SSH
|
|
|
|
"""
|
|
|
|
|
|
|
|
from __future__ import unicode_literals, absolute_import
|
|
|
|
|
|
|
|
import warnings
|
|
|
|
|
|
|
|
from fabric.api import sudo, cd, settings
|
|
|
|
from fabric.contrib.files import exists, sed, append
|
|
|
|
|
|
|
|
from rattail_fabric import mkdir, agent_sudo
|
|
|
|
from rattail_fabric.python import cdvirtualenv
|
|
|
|
|
|
|
|
|
|
|
|
def cache_host_key(host, for_user='root', with_agent=False, warn_only=True, identity=''):
|
|
|
|
"""
|
|
|
|
Cache the SSH host key for the given host, for the given user.
|
|
|
|
"""
|
|
|
|
user = None if for_user == 'root' else for_user
|
|
|
|
_sudo = agent_sudo if with_agent else sudo
|
|
|
|
if identity:
|
|
|
|
identity = '-i {}'.format(identity)
|
|
|
|
cmd = 'ssh {} -o StrictHostKeyChecking=no {} echo'.format(identity, host)
|
|
|
|
if warn_only:
|
|
|
|
with settings(warn_only=True):
|
|
|
|
_sudo(cmd, user=user)
|
|
|
|
else:
|
|
|
|
_sudo(cmd, user=user)
|
|
|
|
|
|
|
|
|
|
|
|
def uncache_host_key(host, for_user='root'):
|
|
|
|
"""
|
|
|
|
Remove the cached SSH host key for the given host, for the given user.
|
|
|
|
"""
|
|
|
|
user = None if for_user == 'root' else for_user
|
|
|
|
sudo('ssh-keygen -R {}'.format(host), user=user)
|
|
|
|
|
|
|
|
|
|
|
|
def restart():
|
|
|
|
"""
|
|
|
|
Restart the OpenSSH service
|
|
|
|
"""
|
|
|
|
sudo('service ssh restart')
|
|
|
|
|
|
|
|
|
|
|
|
def configure(allow_root=False):
|
|
|
|
"""
|
|
|
|
Configure the OpenSSH service
|
|
|
|
"""
|
|
|
|
path = '/etc/ssh/sshd_config'
|
2018-03-11 20:34:39 -05:00
|
|
|
|
|
|
|
entry = 'PermitRootLogin {}'.format('without-password' if allow_root else 'no')
|
|
|
|
sed(path, r'^PermitRootLogin\s+.*', entry, use_sudo=True)
|
|
|
|
append(path, entry, use_sudo=True)
|
|
|
|
|
2018-02-24 16:29:20 -06:00
|
|
|
entry = 'PasswordAuthentication no'
|
|
|
|
sed(path, r'^PasswordAuthentication\s+.*', entry, use_sudo=True)
|
|
|
|
append(path, entry, use_sudo=True)
|
2018-03-11 20:34:39 -05:00
|
|
|
|
2018-02-24 16:29:20 -06:00
|
|
|
restart()
|
|
|
|
|
|
|
|
|
|
|
|
def configure_ssh(restrict_root=True):
|
|
|
|
warnings.warn("Function `ssh.configure_ssh()` is deprecated, please "
|
|
|
|
"use `ssh.configure()` instead.", DeprecationWarning)
|
|
|
|
return configure(allow_root=not restrict_root)
|
|
|
|
|
|
|
|
|
|
|
|
def establish_identity(envname, comment, user='rattail', home='/var/lib/rattail'):
|
|
|
|
"""
|
|
|
|
Generate a SSH key pair and configure it for local use.
|
|
|
|
"""
|
|
|
|
home = home.rstrip('/')
|
|
|
|
sshdir = '{0}/.ssh'.format(home)
|
|
|
|
owner='{0}:{0}'.format(user)
|
|
|
|
mkdir(sshdir, owner=owner, mode='0700')
|
|
|
|
with cd(sshdir):
|
|
|
|
if not exists('authorized_keys'):
|
|
|
|
sudo('touch authorized_keys')
|
|
|
|
sudo('chown {0} authorized_keys'.format(owner))
|
|
|
|
sudo('chmod 0600 authorized_keys')
|
|
|
|
with cdvirtualenv(envname, 'app'):
|
|
|
|
mkdir('ssh', owner=owner, mode='0700')
|
|
|
|
with cdvirtualenv(envname, 'app/ssh'):
|
|
|
|
if not exists('id_rsa', use_sudo=True):
|
|
|
|
sudo("ssh-keygen -C '{0}' -P '' -f id_rsa".format(comment))
|
|
|
|
sudo('cat id_rsa.pub >> {0}/authorized_keys'.format(sshdir))
|
|
|
|
sudo('chown {0} id_rsa*'.format(owner))
|