[config.py,bind.py,populate_sshFingerprint.py] Configuration pour sshfp dans config.py, ajout d'un script pour ajouter les clef des serveur dans ldap
Ignore-this: 5fe4b7490ca1f97168b6ce457374ffb5 darcs-hash:20130118011803-3a55a-2fb24947d4f3807082ae5f0da41741e0ef0086c8.gz
This commit is contained in:
Valentin Samir
parent
4c206f8649
commit
b844853894
3 changed files with 85 additions and 8 deletions
64
gestion/gen_confs/populate_sshFingerprint.py
Executable file
64
gestion/gen_confs/populate_sshFingerprint.py
Executable file
|
|
@ -0,0 +1,64 @@
|
|||
#! /usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
import subprocess
|
||||
import sys
|
||||
import os
|
||||
from socket import gethostname
|
||||
from netifaces import interfaces, ifaddresses, AF_INET
|
||||
|
||||
sys.path.append('/usr/scripts/lc_ldap')
|
||||
sys.path.append('/usr/scripts/gestion')
|
||||
sys.path.append('/etc/crans/secrets/')
|
||||
|
||||
import lc_ldap
|
||||
import config
|
||||
|
||||
conn=lc_ldap.lc_ldap_admin()
|
||||
|
||||
ssh_algo = config.sshfp_algo.keys()
|
||||
|
||||
def ip4_addresses():
|
||||
ip_list = []
|
||||
for interface in interfaces():
|
||||
if interface!='lo' and AF_INET in ifaddresses(interface).keys():
|
||||
for link in ifaddresses(interface)[AF_INET]:
|
||||
ip_list.append(link['addr'])
|
||||
return ip_list
|
||||
|
||||
def ssh_keyscan(host,algo):
|
||||
p=subprocess.Popen(["/usr/bin/ssh-keyscan", "-t", "%s" % algo,"%s" % host],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
|
||||
ret=p.communicate()[0].split()
|
||||
key=ret[2]
|
||||
return key
|
||||
|
||||
|
||||
def get_machines():
|
||||
machines=[]
|
||||
for ip in set(ip4_addresses()):
|
||||
machines.extend(conn.search('ipHostNumber=%s' %ip,mode='rw'))
|
||||
return machines
|
||||
|
||||
def get_local_keys():
|
||||
keys={}
|
||||
for algo in ssh_algo:
|
||||
if os.path.isfile('/etc/ssh/ssh_host_%s_key.pub' % algo):
|
||||
keys[algo]=open('/etc/ssh/ssh_host_%s_key.pub' % algo).read()
|
||||
return keys
|
||||
|
||||
def check_keys(keys):
|
||||
return dict([ (algo,key.split()[1] == ssh_keyscan('localhost',algo)) for algo,key in keys.items() ])
|
||||
|
||||
def publish_keys():
|
||||
keys=get_local_keys()
|
||||
validation=check_keys(keys)
|
||||
machines=get_machines()
|
||||
for machine in machines:
|
||||
sshkeys_old=[key.value for key in machine.get('sshFingerprint',[])]
|
||||
sshkeys_new=[key.decode('UTF-8') for algo,key in keys.items() if validation[algo]]
|
||||
if not set(sshkeys_old)==set(sshkeys_new):
|
||||
machine['sshFingerprint']=sshkeys_new
|
||||
machine.save()
|
||||
|
||||
|
||||
if __name__ == '__main__' :
|
||||
publish_keys()
|
||||
Loading…
Add table
Add a link
Reference in a new issue