Bug#592550: Provide support for SSH-Key authentication (Supports Eucalyptus and Amazon EC2)
On Tue, Aug 10, 2010 at 04:49:51PM -0400, Kyle Moffett wrote:
>
> When performing partially-automated virtual-server installations (using
> services such as Eucalyptus or Amazon EC2, for example), it's not really
> practical or secure to use password-based authentication for the
> installer.
>
> Furthermore, such virtual server environments provide an automatic
> method of provisioning public SSH keys during the installation process
> via an HTTP URL.
>
> The Ubuntu guys seem to have a patch for this that never got merged:
> https://bugs.launchpad.net/ubuntu/+source/network-console/+bug/184108
Dear all,
I think that it would be wonderful if Ubuntu's patch were applied in Debian. Here
is a slimmed down version of it, where I removed the Ubuntu-specific parts
changing debian/control, the changelog and .gitignore files, …
http://patches.ubuntu.com/n/network-console/network-console_1.28ubuntu1.patch
--- 1.28/debian/network-console.postinst 2011-01-19 04:51:17.000000000 +0000
+++ 1.28ubuntu1/debian/network-console.postinst 2011-05-04 00:19:29.000000000 +0100
@@ -26,7 +26,30 @@ case "$ARCHDETECT" in
;;
esac
-while [ -z "$PASSWORD" ]; do
+db_get $TEMPLATE_ROOT/authorized_keys_url
+
+AUTHORIZED_KEYS_URL="$RET"
+AUTHORIZED_KEYS_DIRECTORY="/.ssh"
+AUTHORIZED_KEYS_FILE="$AUTHORIZED_KEYS_DIRECTORY/authorized_keys"
+
+if [ -n "$AUTHORIZED_KEYS_URL" ]; then
+ if [ ! -f "$AUTHORIZED_KEYS_FILE" ]; then
+ [ -d "$AUTHORIZED_KEYS_DIRECTORY" ] || \
+ mkdir "$AUTHORIZED_KEYS_DIRECTORY"
+ chmod 0700 "$AUTHORIZED_KEYS_DIRECTORY"
+ if ! wget -q "$AUTHORIZED_KEYS_URL" -O "$AUTHORIZED_KEYS_FILE"; then
+ db_subst $TEMPLATE_ROOT/authorized_keys_fetch_failure \
+ LOCATION "$AUTHORIZED_KEYS_URL"
+ db_input critical $TEMPLATE_ROOT/authorized_keys_fetch_failure \
+ || true
+ db_go
+ exit 1
+ fi
+ chmod 0644 "$AUTHORIZED_KEYS_FILE" || true
+ fi
+fi
+
+while [ ! -f "$AUTHORIZED_KEYS_FILE" ] && [ -z "$PASSWORD" ]; do
db_input critical $TEMPLATE_ROOT/password || true
COMPARE_PW=''
db_input high $TEMPLATE_ROOT/password-again && COMPARE_PW=1 || true
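Review bot: the new loop condition `while [ ! -f "$AUTHORIZED_KEYS_FILE" ] && [ -z "$PASSWORD" ]` treats the mere existence of the file as a usable credential, so an empty or truncated file skips the password questions and leaves the installer with neither a key nor a password. That can happen when the URL returns an empty body, or when a failed `wget ... -O "$AUTHORIZED_KEYS_FILE"` leaves the output file behind and the script runs again, because the `[ ! -f "$AUTHORIZED_KEYS_FILE" ]` guard then skips the fetch. Suggest downloading to a temporary file, checking it with `[ -s ... ]` before moving it into place, removing it on failure, and testing `-s` instead of `-f` in the loop. The `mkdir` and first `chmod` results are also unchecked, and the fetched content is installed exactly as received, so the keys are only as trustworthy as the transport of the preseeded URL.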
diff -pruN 1.28/debian/network-console.templates 1.28ubuntu1/debian/network-console.templates
--- 1.28/debian/network-console.templates 2011-01-19 04:51:17.000000000 +0000
+++ 1.28ubuntu1/debian/network-console.templates 2011-05-04 00:19:29.000000000 +0100
@@ -75,3 +75,19 @@ _Description: Start SSH
.
Please check this carefully against the fingerprint reported by
your SSH client.
+
+Template: network-console/authorized_keys_url
+Type: string
+Description: for internal use; can be preseeded
+ What URL contains a list of authorized SSH public keys?
+ .
+ The file at the given URL should be of the same form as a standard OpenSSH
+ authorized_keys file.
+
+Template: network-console/authorized_keys_fetch_failure
+Type: error
+# should be translated when committed upstream
+Description: Could not fetch OpenSSH authorized keys
+ An error occurred while fetching OpenSSH authorized keys from ${LOCATION}.
+ .
+ Check /var/log/syslog or see virtual console 4 for the details.
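Review bot: the `network-console/authorized_keys_url` description does not document that preseeding it suppresses the password questions, nor that the URL's content becomes the installer's login credentials and therefore has to come from a trusted source. Suggest adding both points to the extended description. In `network-console/authorized_keys_fetch_failure`, the comment says the text should be translated, but the field is `Description:` while the neighbouring template in the hunk header uses `_Description:`; since this error is shown to the user, mark it translatable before it is committed.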
Please let me know how I can help to make this happen.
Cheers,
--
Charles Plessy
Tsurumi, Kanagawa, Japan