From bf3f301678a38d7436635db5fdc1e669c31da231 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Wed, 19 Mar 2014 15:06:20 -0700
Subject: yep, another attempt to fix ssh. (now authorized_keys2 is set to
 insecure vagrant key)

---
 lib/leap_cli/commands/node.rb |  5 ++---
 lib/leap_cli/remote/tasks.rb  | 20 +++++++-------------
 2 files changed, 9 insertions(+), 16 deletions(-)


diff --git a/lib/leap_cli/commands/node.rb b/lib/leap_cli/commands/node.rb
index fdd1fa8..b554c1f 100644
--- a/lib/leap_cli/commands/node.rb
+++ b/lib/leap_cli/commands/node.rb
@@ -64,10 +64,9 @@ module LeapCli; module Commands
           ssh_connect_options = connect_options(options).merge({:bootstrap => true, :echo => options[:echo]})
           ssh_connect(node, ssh_connect_options) do |ssh|
             if node.vagrant?
-              ssh.install_authorized_keys2
-            else
-              ssh.install_authorized_keys
+              ssh.install_insecure_vagrant_key
             end
+            ssh.install_authorized_keys
             ssh.install_prerequisites
             ssh.leap.capture(facter_cmd) do |response|
               if response[:exitcode] == 0
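Review bot: The `if node.vagrant?` check is now the only thing between a real host and `ssh.install_insecure_vagrant_key`, and nothing at this call site says why that matters. Going by the commit subject and the comment in lib/leap_cli/remote/tasks.rb, the uploaded key is the publicly distributed Vagrant key and it lands in `/root/.ssh/authorized_keys2`. A node wrongly reported as vagrant would therefore accept root logins from anyone holding the matching private key; how `vagrant?` is derived is not visible here. I would add a comment above the call, e.g. `# vagrant only: this key is public, so it must never be installed on a real host`. The task definition in tasks.rb has no guard of its own, and the enclosing `ssh_connect` block starts and ends outside this hunk.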
diff --git a/lib/leap_cli/remote/tasks.rb b/lib/leap_cli/remote/tasks.rb
index 9f24599..21a6cc6 100644
--- a/lib/leap_cli/remote/tasks.rb
+++ b/lib/leap_cli/remote/tasks.rb
@@ -13,26 +13,20 @@ task :install_authorized_keys, :max_hosts => MAX_HOSTS do
 end
 
 #
-# for vagrant nodes, we don't overwrite authorized_keys, because we want to keep the insecure vagrant key.
-# instead we install to authorized_keys2, which is also used by sshd.
+# for vagrant nodes, we install insecure vagrant key to authorized_keys2, since deploy
+# will overwrite authorized_keys.
 #
-# why?
-#   without it, it might be impossible to re-initialize a node.
-#
-# ok, why is that?
-#   when we init a vagrant node, we force it to use the insecure vagrant key, and not the user's keys
-#   (so re-initialization would be impossible if authorized_keys doesn't include insecure key).
-#
-# ok, why force the insecure vagrant key in the first place?
+# why force the insecure vagrant key?
 #   if we don't do this, then first time initialization might fail if the user has many keys
 #   (ssh will bomb out before it gets to the vagrant key).
 #   and it really doesn't make sense to ask users to pin the insecure vagrant key in their
 #   .ssh/config files.
 #
-task :install_authorized_keys2, :max_hosts => MAX_HOSTS do
-  leap.log :updating, "authorized_keys2" do
+task :install_insecure_vagrant_key, :max_hosts => MAX_HOSTS do
+  leap.log :installing, "insecure vagrant key" do
     leap.mkdirs '/root/.ssh'
-    upload LeapCli::Path.named_path(:authorized_keys), '/root/.ssh/authorized_keys2', :mode => '600'
+    key_file = File.expand_path('../../../vendor/vagrant_ssh_keys/vagrant.pub', File.dirname(__FILE__))
+    upload key_file, '/root/.ssh/authorized_keys2', :mode => '600'
   end
 end
 
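Review bot: The header comment on `install_insecure_vagrant_key` explains why the key is forced but not that it stays in place. By the comment's own reasoning deploy overwrites only `authorized_keys`, so `/root/.ssh/authorized_keys2` keeps the insecure key for the life of the node, and `upload` presumably replaces whatever that file held before. The approach also depends on sshd's `AuthorizedKeysFile` still listing `authorized_keys2`, which some configurations drop. I would extend the comment with `# NOTE: authorized_keys2 is not cleaned up by deploy, so root login with the public vagrant key stays enabled.` and `# Requires sshd AuthorizedKeysFile to include .ssh/authorized_keys2.` Separately, `key_file` is handed to `upload` without a check that the vendored file exists, so a packaging miss would likely surface as an upload error rather than a clear message.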