diff options
author | elijah <elijah@riseup.net> | 2012-10-25 00:49:10 -0700 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2012-10-25 00:49:10 -0700 |
commit | a269255b2f51783ba19cbc363759ba9a61038ea0 (patch) | |
tree | 0818a266e13be244baee3a0d4faf022def7c59b8 /lib/leap_cli/commands/node.rb | |
parent | 80747fe28c40403bd07473c2bc7fad19cb562fcd (diff) |
cleaned up the code a bit by adding SshKey class.
Diffstat (limited to 'lib/leap_cli/commands/node.rb')
-rw-r--r-- | lib/leap_cli/commands/node.rb | 79 |
1 files changed, 13 insertions, 66 deletions
diff --git a/lib/leap_cli/commands/node.rb b/lib/leap_cli/commands/node.rb index 46c8fb6..b9640a8 100644 --- a/lib/leap_cli/commands/node.rb +++ b/lib/leap_cli/commands/node.rb @@ -7,11 +7,11 @@ module LeapCli; module Commands ## COMMANDS ## - #desc 'Create a new configuration for a node' - #command :'new-node' do |c| - # c.action do |global_options,options,args| - # end - #end + desc 'not yet implemented... Create a new configuration for a node' + command :'new-node' do |c| + c.action do |global_options,options,args| + end + end desc 'Bootstraps a node, setting up ssh keys and installing prerequisites' arg_name '<node-name>', :optional => false, :multiple => false @@ -84,28 +84,27 @@ module LeapCli; module Commands # def save_public_host_key(node) progress("Fetching public SSH host key for #{node.name}") - public_key, key_type = get_public_key_for_ip(node.ip_address) + public_key = get_public_key_for_ip(node.ip_address) pub_key_path = Path.named_path([:node_ssh_pub_key, node.name]) if Path.exists?(pub_key_path) - if file_content_equals?(pub_key_path, node_pub_key_contents(key_type, public_key)) + if public_key == SshKey.load_from_file(pub_key_path) progress("Public SSH host key for #{node.name} has not changed") else bail!("WARNING: The public SSH host key we just fetched for #{node.name} doesn't match what we have saved previously. Remove the file #{pub_key_path} if you really want to change it.") end - elsif key_in_known_hosts?(public_key, [node.name, node.ip_address, node.domain.name]) + elsif public_key.in_known_hosts?(node.name, node.ip_address, node.domain.name) progress("Public SSH host key for #{node.name} is trusted (key found in your ~/.ssh/known_hosts)") else - fingerprint, bits = ssh_key_fingerprint(key_type, public_key) puts say("This is the SSH host key you got back from node \"#{node.name}\"") - say("Type -- #{bits} bit #{key_type.upcase}") - say("Fingerprint -- " + fingerprint) - say("Public Key -- " + public_key) + say("Type -- #{public_key.bits} bit #{public_key.type.upcase}") + say("Fingerprint -- " + public_key.fingerprint) + say("Public Key -- " + public_key.key) if !agree("Is this correct? ") bail! else puts - write_file!([:node_ssh_pub_key, node.name], node_pub_key_contents(key_type, public_key)) + write_file!([:node_ssh_pub_key, node.name], public_key.to_s) end end end @@ -116,49 +115,7 @@ module LeapCli; module Commands line = output.split("\n").grep(/^[^#]/).first assert! line, "Got zero host keys back!" ip, key_type, public_key = line.split(' ') - return [public_key, key_type] - end - - # - # returns true if the particular host_key is found in a "known_hosts" file installed for the current user or on this machine. - # - # - host_key: string of ssh public host key - # - identifiers: an array of identifers (which could be an ip address or hostname) - # - def key_in_known_hosts?(host_key, identifiers) - identifiers.each do |identifier| - Net::SSH::KnownHosts.search_for(identifier).each do |key| - # i am not sure what format ssh keys are in, but key.to_pem returns something different than we need. - # this little bit of magic code will encode correctly. I think the format is base64 encoding of bits, exponent, and modulus. - key_string = [Net::SSH::Buffer.from(:key, key).to_s].pack("m*").gsub(/\s/, "") - return true if key_string == host_key - end - end - return false - end - - # - # gets a fingerprint for a key string - # - # i think this could better be done this way: - # blob = Net::SSH::Buffer.from(:key, key).to_s - # fingerprint = OpenSSL::Digest::MD5.hexdigest(blob).scan(/../).join(":") - # - def ssh_key_fingerprint(type, key) - assert_bin!('ssh-keygen') - file = Tempfile.new('leap_cli_public_key_') - begin - file.write(type) - file.write(" ") - file.write(key) - file.close - output = assert_run!("ssh-keygen -l -f #{file.path}", "Failed to run ssh-keygen on public key.") - bits, fingerprint, filename, key_type = output.split(' ') - return [fingerprint, bits] - ensure - file.close - file.unlink - end + return SshKey.load(public_key, key_type) end def ping_node(node) @@ -166,14 +123,4 @@ module LeapCli; module Commands assert_run!("ping -W 1 -c 1 #{node.ip_address}", "Could not ping #{node.name} (address #{node.ip_address}). Try again, we only send a single ping.") end - # - # returns a string that can be used for the contents of the files/nodes/x/x_ssh_key.pub file - # - # We write the file without ipaddress or hostname, because these might change later. - # The ip and host is added at when compiling the combined known_hosts file. - # - def node_pub_key_contents(key_type, public_key) - [key_type, public_key].join(' ') - end - end; end
\ No newline at end of file |