[dns/SSHFP] Ajout des clef ecdsa et de l'algorithm de hash sha256 pour SSHFP (cf rfc6594)

This commit is contained in:
Valentin Samir 2014-01-19 00:59:36 +01:00
parent 1b44f5357d
commit 0587b59de9
3 changed files with 14 additions and 4 deletions

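--- a/<file-1-path-not-shown-on-page>
+++ b/<file-1-path-not-shown-on-page>
@@ -114,12 +114,17 @@ ISCSI_MAP_FILE = "/usr/scripts/var/iscsi_names.py"
 sshfp_algo = {
 "rsa" : (1, "ssh-rsa"),
 "dsa" : (2, "ssh-dss"),
+"ecdsa-256" : (3, "ecdsa-sha2-nistp256"),
+"ecdsa-384" : (3, "ecdsa-sha2-nistp384"),
+"ecdsa-521" : (3, "ecdsa-sha2-nistp521"),
+"ecdsa" : (3, "ecdsa-sha2-nistp521"),
 }
 sshkey_max_age=2*(365.25*24*3600)
 sshkey_size = {
 'rsa':4096,
 'dsa':1024,
+'ecdsa':521,
 }
 #: Nombre de jours après le passage en chambre ???? où on supprime les machines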
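Review bot: The new `sshfp_algo` keys `ecdsa-256` and `ecdsa-384` get no counterpart in `sshkey_size`, which only gains `'ecdsa':521`; if the size table is looked up by the same name that selects the algorithm entry (not visible here), those two variants will miss with a KeyError, so either add the two sizes or document that only the bare `ecdsa` name is valid for size checks. The tuple layout is also undocumented now that four entries share the number 3; a one-line comment above the dict would help: `#: name -> (SSHFP algorithm number per RFC 6594, OpenSSH key type string)`. Note that `ecdsa` and `ecdsa-521` both resolve to `ecdsa-sha2-nistp521`, so a caller passing the short name silently gets the 521-bit curve.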

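--- a/<file-2-path-not-shown-on-page>
+++ b/<file-2-path-not-shown-on-page>
@@ -379,8 +379,10 @@ zone "%(NOM_zone)s" {
 break
 if not algo:
 raise ValueError("Invalid Algorithms %s" % algo_txt)
-key=hashlib.sha1(base64.b64decode(key)).hexdigest()
-ligne +="%s\tIN\tSSHFP\t%s\t1\t%s\n" % (nom,algo,key)
+key1=hashlib.sha1(base64.b64decode(key)).hexdigest()
+key2=hashlib.sha256(base64.b64decode(key)).hexdigest()
+ligne +="%s\tIN\tSSHFP\t%s\t1\t%s\n" % (nom,algo,key1)
+ligne +="%s\tIN\tSSHFP\t%s\t2\t%s\n" % (nom,algo,key2)
 except(ValueError,TypeError): pass
 direct[zone] = direct.get(zone, "") + ligne
 if isinstance(machine,ldap_crans.BorneWifi):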
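Review bot: `base64.b64decode(key)` is now evaluated twice, once for each fingerprint on the `key1`/`key2` lines; decode once and hash the same blob so both records are guaranteed to come from identical bytes: `blob=base64.b64decode(key)`, `key1=hashlib.sha1(blob).hexdigest()`, `key2=hashlib.sha256(blob).hexdigest()`. With the pre-existing `except(ValueError,TypeError): pass` on the next line, a malformed key now drops both the SHA-1 and the SHA-256 record at once, so the host ends up with no SSHFP at all and nothing says why; writing the skipped `nom` to stderr in that handler would make the gap visible to whoever regenerates the zone. The `try` that this `except` closes starts outside the hunk.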

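--- a/<file-3-path-not-shown-on-page>
+++ b/<file-3-path-not-shown-on-page>
@@ -31,8 +31,11 @@ def ip4_addresses():
 def ssh_keyscan(host,algo):
 p=subprocess.Popen(["/usr/bin/ssh-keyscan", "-t", "%s" % algo,"%s" % host],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
 ret=p.communicate()[0].split()
-key=ret[2]
-return key
+if len(ret)>2:
+key=ret[2]
+return key
+else:
+sys.stderr.write("No key for algo %s used by host %s\n" % (algo, host))
 def ssh_md5_hash(path):
 key=base64.b64decode(open(path).read().split()[1])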
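Review bot: The new `else` branch only writes a message and then falls off the end of `ssh_keyscan`, so the function returns `None` implicitly; a caller that feeds the result to `base64.b64decode` (the pattern `ssh_md5_hash` uses below) would fail with a `TypeError` far from the cause, and a caller that does not check would emit no record for that host without noticing. Make the outcome explicit with `return None` after the `sys.stderr.write`, or raise `ValueError("No key for algo %s used by host %s" % (algo, host))` so the caller decides whether to skip the host. The stderr of `ssh-keyscan` is captured by `p.communicate()` but the `[0]` index discards it, so the reason for the empty scan (connection refused, timeout, unknown host) is lost; `out, err = p.communicate()` and appending `err` to the message would keep it. The hunk does not show `import sys`; confirm it is imported at the top of the file.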