From 6e4fdf0738625957a809d548adbbbf8fa31adffc Mon Sep 17 00:00:00 2001
From: dobli <dobler.alex@gmail.com>
Date: Fri, 18 Jan 2019 15:36:00 +0100
Subject: [PATCH] added generation of ssh host keys and known_hosts file
---
 README.md | 1 -
 building_manager.py | 56 ++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 55 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 064f9f8..19cdb65 100644
--- a/README.md
+++ b/README.md
@@ -99,7 +99,6 @@ The openhab-pb stack consists of multiple configuration files that need to be av
 - contains entry for openhab package
 - *nodered_settings.js*: basic node red config
 - copy from template folder
- - contains `httpNodeAuth` for users
 **ssh**
diff --git a/building_manager.py b/building_manager.py
index 2db9527..ee3d6a8 100755
--- a/building_manager.py
+++ b/building_manager.py
@@ -23,7 +23,10 @@ TEMPLATE_FILES = [
 EDIT_FILES = {
 "mosquitto_passwords": "mosquitto/mosquitto_passwords",
 "sftp_users": "ssh/sftp_users.conf",
- "traefik_users": "traefik/traefik_users"
+ "traefik_users": "traefik/traefik_users",
+ "id_rsa": "ssh/id_rsa",
+ "host_key": "ssh/ssh_host_ed25519_key",
+ "known_hosts": "ssh/known_hosts"
 }
 # Default Swarm port
@@ -145,6 +148,55 @@ def generate_sftp_file(base_dir, username, password, direcories=None):
 file_content)
+def generate_id_rsa_files(base_dir):
+ """Generates id_rsa and id_rsa.pub private/public keys using ssh-keygen
+
+ :base_dir: path that contains custom config folder
+ """
+ id_path = base_dir + '/' + CUSTOM_DIR + "/" + EDIT_FILES['id_rsa']
+
+ # execute ssh-keygen
+ id_result = run(
+ ['ssh-keygen', '-t', 'rsa', '-b', '4096', '-f', id_path, '-N', ''],
+ text=True,
+ capture_output=True)
+ return id_result.returncode == 0
+
+
+def generate_host_key_files(base_dir, hosts):
+ """Generates ssh host keys and matching known_hosts using ssh-keygen
+
+ :base_dir: path that contains custom config folder
+ """
+ key_path = base_dir + '/' + CUSTOM_DIR + "/" + EDIT_FILES['host_key']
+ # ssh-keygen generates public key with .pub postfix
+ pub_path = key_path + '.pub'
+
+ # execute ssh-keygen
+ id_result = run(['ssh-keygen', '-t', 'ed25519', '-f', key_path, '-N', ''],
+ text=True,
+ capture_output=True)
+
+ # read content of public key as known line
+ known_line = ""
+ with open(pub_path, 'r') as pub_file:
+ pub_line = pub_file.readline()
+ split_line = pub_line.split()
+ # delete last list element
+ del split_line[-1]
+ # collect hosts as comma separated string
+ hosts_line = ','.join(h for h in hosts)
+ split_line.insert(0, hosts_line)
+ # collect parts as space separated string
+ known_line = ' '.join(sp for sp in split_line)
+
+ # write new known_line file
+ create_or_replace_config_file(base_dir, EDIT_FILES['known_hosts'],
+ known_line)
+
+ return id_result.returncode == 0
+
+
 def generate_traefik_file(base_dir, username, password):
 """Generates a traefik password file
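Review bot: In `generate_host_key_files` the `.pub` file is read and `known_hosts` is written before the `ssh-keygen` exit status is looked at, so a failed run either raises on `open(pub_path, 'r')` or rewrites `known_hosts` from a leftover `.pub` while the function still reports failure. Return early on a non-zero `returncode`, and keep the first two fields of the public-key line instead of `del split_line[-1]`, which removes the key blob itself when the line carries no comment and raises `IndexError` on an empty line. Both new functions also run `ssh-keygen -f` on a fixed path with output captured; ssh-keygen normally asks before overwriting an existing key, so a second run would presumably wait on a prompt the user cannot see, and it is worth checking for or removing the old files first. The two generator expressions inside `join` can be plain `','.join(hosts)` and `' '.join(split_line)`.

```python
    # … unchanged: key_path / pub_path setup and the ssh-keygen run() call …
    # do not derive known_hosts from a key pair that was not just written
    if id_result.returncode != 0:
        return False

    with open(pub_path, 'r') as pub_file:
        fields = pub_file.readline().split()
    # "<type> <base64 key> [comment]": keep the first two, the comment is optional
    if len(fields) < 2:
        return False
    known_line = ' '.join([','.join(hosts)] + fields[:2])

    # … unchanged: create_or_replace_config_file(...) call …
    return True
```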
@@ -476,6 +528,8 @@ def init_menu(args):
 generate_sftp_file(base_dir, answers['username'], answers['password'])
 generate_mosquitto_file(base_dir, answers['username'], answers['password'])
 generate_traefik_file(base_dir, answers['username'], answers['password'])
+ generate_id_rsa_files(base_dir)
+ generate_host_key_files(base_dir, ["host1", "host2"])
 print(answers)
-- 
GitLab
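Review bot: `generate_host_key_files(base_dir, ["host1", "host2"])` writes a `known_hosts` entry for the literal names `host1,host2`, so unless the nodes really carry those names no client lookup will match the generated host key and the file provides no host verification. The host list should be passed in from wherever `init_menu` learns the machine names (not visible in this hunk) or asked for in the prompt. Both new calls also discard their boolean result, so a failed `ssh-keygen` goes unnoticed; `if not generate_id_rsa_files(base_dir): print("ssh key generation failed")` would surface it. The unchanged `print(answers)` just below echoes the dict that holds `answers['password']` to the terminal and is worth dropping while this function is being touched. `init_menu` begins before and continues after the hunk.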