diff options
| author | Aravinda VK <avishwan@redhat.com> | 2015-01-12 17:59:16 +0530 | 
|---|---|---|
| committer | Venky Shankar <vshankar@redhat.com> | 2015-02-19 18:56:28 -0800 | 
| commit | 633cc5aea181a0e76a16c11d4035542fe3b06f19 (patch) | |
| tree | 88170d20ca82384dc6173930669f1d037ac61aad /geo-replication | |
| parent | 1226083d0ff5fcff21abd16b314effeee49ae770 (diff) | |
geo-rep: Add support for non standard AuthorizedKeysFile location
In /etc/ssh/sshd_config, AuthorizedKeysFile can be customized
using %u and %h variables, %u will be replaced by user name
and %h will be replaced by home dir name. Default location is
.ssh/authorized_keys
For example,
AuthorizedKeysFile .ssh/authorized_keys
AuthorizedKeysFile %h/.my_secret_dir/authorized_keys
AuthorizedKeysFile /etc/ssh/keys/%u/authorized_keys
PS: Support only added for %h and %u in sshd_config
BUG: 1181117
Signed-off-by: Aravinda VK <avishwan@redhat.com>
Change-Id: Ic6ba20f9d202762dfdb6d0c73ea42e7f7c64e177
Reviewed-on: http://review.gluster.org/9436
Reviewed-by: Kotresh HR <khiremat@redhat.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Tested-by: Venky Shankar <vshankar@redhat.com>
Diffstat (limited to 'geo-replication')
| -rw-r--r-- | geo-replication/src/peer_add_secret_pub.in | 41 | 
1 files changed, 32 insertions, 9 deletions
| diff --git a/geo-replication/src/peer_add_secret_pub.in b/geo-replication/src/peer_add_secret_pub.in index 5a9fd9ac347..a297dd09754 100644 --- a/geo-replication/src/peer_add_secret_pub.in +++ b/geo-replication/src/peer_add_secret_pub.in @@ -26,16 +26,39 @@ if [ "$home_dir" == "" ]; then      exit 1;  fi -if [ ! -d $home_dir/.ssh ]; then -    mkdir $home_dir/.ssh; -    chmod 700 $home_dir/.ssh; -    chown $user: $home_dir/.ssh; +authorized_keys_file=$(cat /etc/ssh/sshd_config | \ +                              grep -e "^AuthorizedKeysFile" | \ +                              awk '{print $2}' | tail -1); + +# If not set, use default location +if [ "x$authorized_keys_file" == "x" ]; then +    authorized_keys_file="%h/.ssh/authorized_keys" +fi + +# If default location +if [ "$authorized_keys_file" == ".ssh/authorized_keys" ]; then +    authorized_keys_file="%h/$authorized_keys_file" +fi + +# Replace %u with user name (ex: /etc/ssh/keys/%u/authorized_keys) +authorized_keys_file="${authorized_keys_file//%u/$user}"; + +# Replace %h with home dir (ex: %h/.ssh/authorized_keys) +authorized_keys_file="${authorized_keys_file//%h/$home_dir}"; +ssh_dir=$(dirname $authorized_keys_file); + +if [ ! -d $ssh_dir ]; then +    mkdir $ssh_dir; +    chmod 700 $ssh_dir; +    chown $user: $ssh_dir;  fi -if [ ! -d $home_dir/.ssh/authorized_keys ]; then -    touch $home_dir/.ssh/authorized_keys; -    chmod 600 $home_dir/.ssh/authorized_keys; -    chown $user: $home_dir/.ssh/authorized_keys; +if [ ! -d $authorized_keys_file ]; then +    touch $authorized_keys_file; +    chmod 600 $authorized_keys_file; +    chown $user: $authorized_keys_file;  fi -cat "$GLUSTERD_WORKDIR"/geo-replication/${mastervol}_${slavevol}_common_secret.pem.pub >> $home_dir/.ssh/authorized_keys; +pub_file=${mastervol}_${slavevol}_common_secret.pem.pub +cat "$GLUSTERD_WORKDIR"/geo-replication/$pub_file >> \ +    $authorized_keys_file; | 
