search for: ssh_keys

Dear puppet wizards, http://docs.puppetlabs.com/puppet/3/reference/lang_defined_types.html does not suggest to me that nested parametrized defines would be forbidden, hence I expected the following code to work: add_to_ssh_authorized_keys.pp: -------- define a::ssh_keys::add_to_ssh_authorized_keys($homebasedir="/home", $targetuser="root", $keyowner, $keyownername, $state="present" ) { $sshdir = "$homebasedir/$targetuser/.ssh" $authfile = "$sshdir/authorized_keys" ssh_authorized_key {"$keyowner@censhare.de(...

Turn the snippet reading user information from /etc/passwd in a slightly more generic function, so there is no need to copy&paste for other details. Mostly code motion. --- customize/ssh_key.ml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml index a4e4a51..7c482e7 100644 --- a/customize/ssh_key.ml +++

This adds a customize option: virt-customize --ssh-inject USER virt-customize --ssh-inject USER:string:KEY_STRING virt-customize --ssh-inject USER:file:FILENAME (ditto for virt-builder and virt-sysprep) In each case this injects into the guest user USER a) the current (host) user's ssh pubkey b) the key specified as KEY_STRING c) the key in FILENAME adding it to

Both ssh-copy-id and ssh create .ssh as 0700. ssh-copy-id creates .ssh/authorized_keys as 0600. Thanks: Ryan Sawhill for finding the bug. --- customize/ssh_key.ml | 4 ++-- src/guestfs.pod | 17 +++++++++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml index 09664bf..dd6056f 100644 --- a/customize/ssh_key.ml +++

This adds a customize option: virt-customize --ssh-inject USER[=KEY] virt-builder --ssh-inject USER[=KEY] virt-sysprep --ssh-inject USER[=KEY] In each case this either injects the current (host) user's ssh pubkey into the guest user USER (adding it to ~USER/.ssh/authorized_keys in the guest), or you can specify a particular key. For example: virt-builder fedora-20 --ssh-inject root

When creating ~/.ssh and ~/.ssh/authorized_keys (in case they are missing), change their ownership to the target user. If not, they are owned by root. --- customize/ssh_key.ml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml index 7c482e7..d05816c 100644 --- a/customize/ssh_key.ml +++ b/customize/ssh_key.ml @@ -115,20 +115,24

...edTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com the setgid programs are potentially less dangerous than setuid ones. the only setuid program in the openssh suite is ssh-keysign. It need to access private server keys. The solution is to create one dedicated group (ssh_keys). The keys then should be rw-r---- root:ssh_keys The ssh-keysign should be setgid ssh_keys And finally authfile.c should be patched to accept such keys. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching...

I am writing a program that synchronizes my companies Windows laptops with our home server. Due to the nature of our proxy/firewall, I must use SSH with port forwarding to achieve this goal. Currently I establish the SSH connection using the following command: ssh ssh_user@proxy.example.com -i file_name -L 873:200.200.60.60:7000 -N and then run rsync with the following command: rsync

Doing this allows us to remove the Customize_utils module completely, since it becomes empty. Rich.

Hello, I''m trying to reuse an ssh_authorized_key, but I''m having some problems. There was a recent thread about using the same key for different users, but I didn''t see any resolution there. My issue is a bit different. I''m currently using this key: class ssh_keys::all { class bob { ssh_authorized_key {"bob": name => "bob@somehost", ensure => present, key => "*snip*" user => "root", type => ssh-dss } } } I''m try...

Hi all, I am trying to understand how does hiera puppet backend work, so I created the following example: hiera.yaml has only: --- :backends: - puppet --- And the node: node ''testnode'' { $variable = ''kk'' $thing = hiera ("variable") notify { "note: $thing": } } I don''t want to use the yaml backend for now, just want to

This implements the --selinux-relabel option for virt-customize, virt-builder and virt-sysprep. There is no need to autorelabel functionality now. Thanks: Stephen Smalley --- builder/Makefile.am | 1 + builder/virt-builder.pod | 20 +++++++++---------- customize/Makefile.am | 2 ++ customize/SELinux_relabel.ml | 46 +++++++++++++++++++++++++++++++++++++++++++

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I had a working 0.19.3 puppet install, but after an upgrade to 0.20 and then restarting puppetmasterd I get the following error: # /etc/init.d/puppetmaster start All resource specifications require names in file /etc/puppet/manifests/modules/ssh_keys.pp at line 24 * Failed to start puppetmaster So, looking at the file in question shows the following code (in condensed form): 1 class ssh_keys { 2 # Commemnts : ... [snip] 19 20 sshkey { name => "portman-linux.goshen.edu", 21 alias => [ "portman-linux", &qu...

Add simple operations for RHEL guests using subscription-manager, so it is possible to e.g. install software on them. --- builder/Makefile.am | 1 + builder/virt-builder.pod | 47 ++++++++++++++++++ customize/Makefile.am | 2 + customize/customize_run.ml | 34 +++++++++++++ customize/subscription_manager.ml | 53 ++++++++++++++++++++

Str is a pretty ugly regexp module. Let's try to replace it with PCRE. This series of commits goes some small way towards that eventual goal. - - - I wonder if there was a deep reason why we had this? let unix2dos s = String.concat "\r\n" (Str.split_delim (Str.regexp_string "\n") s) I replaced it with what I think should be (nearly) equivalent: let unix2dos s =

Hi, this is the v2 of a series introducing basic support for registering/attaching/unregistering RHEL guests using subscription-manager, so it is possible to do for example: $ virt-customize -a rhel-guest.qcow2 \ --sm-credentials user:file:/path/to/password-file --sm-register \ --sm-attach file:/path/to/pool-file \ --install pkg1 --install pkg2 .. \ --sm-remove --sm-unregister

Hi, I am trying to give access to sshd port 22 to connect to different port 1023 by differentiating with special user, customuser. Following is how i tried, but it doesnt work, please suggest. outside, user issues command ssh customuser at ip, it fails inside sshd_config, i wrote the following: Match user customuser ForceCommand . /etc/myscript inside myscript, I do the following: read

Hi, some time ago I had started working on a rsync-based backup system. After I longer break; I now tried to continue this project but can't get it to work anymore. Maybe somebody here has any idea. The basic setup looks like this: client: $rsync $rsync_opts --rsh="'ssh -i $ssh_key'" $filesystems $bak_host::backup_module/path on the server side, the ssh key triggered a

...keys" ]; then chmod 644 $INSTALL_ROOT/root/.ssh/authorized_keys fi +if [ -f ovirt-ssh_host_dsa_key -f ovirt-ssh_host_dsa_key.pub \ + -f ovirt-ssh_host_key -f ovirt-ssh_host_key.pub \ + -f ovirt-ssh_host_rsa_key -f ovirt-ssh_host_rsa_key.pub ]; then + echo "Adding persistent ssh_keys for host to Image" + mkdir -p $INSTALL_ROOT/etc/ssh + cp -v ovirt-ssh_host_dsa_key $INSTALL_ROOT/etc/ssh/ssh_host_dsa_key + cp -v ovirt-ssh_host_key $INSTALL_ROOT/etc/ssh/ssh_host_key + cp -v ovirt-ssh_host_rsa_key $INSTALL_ROOT/etc/ssh/ssh_host_rsa_key + cp -v ovirt-ssh_host_key.p...

...hkey { "$hostname": type => rsa, key => $sshrsakey } @@sshkey { "$fqdn": type => rsa, key => $sshrsakey } @@sshkey { "$ipaddress": type => rsa, key => $sshrsakey } } } } class ssh_keys { include ssh_rsa_keys # Now collect everyone else''s keys Sshkey <<| |>> # and my own? Sshkey <| |> }