[stable-2.9] Work around ssh-keygen issue in ansible-test. (#63211)

Newer versions of ssh-keygen create PEM keys that are not recognized by Paramiko.

Now ansible-test compensates for this by updating they keys it generates so Paramiko will recognize them.
(cherry picked from commit 022335669c)

Co-authored-by: Matt Clay <matt@mystile.com>
pull/63252/head
Matt Clay 5 years ago committed by Toshio Kuratomi
parent 24e64d1ba1
commit f004deaf91

@ -0,0 +1,2 @@
bugfixes:
- ansible-test now updates SSH keys it generates with newer versions of ssh-keygen to function with Paramiko

@ -85,6 +85,11 @@ fi
if [ ! -f "${HOME}/.ssh/id_rsa.pub" ]; then if [ ! -f "${HOME}/.ssh/id_rsa.pub" ]; then
ssh-keygen -m PEM -q -t rsa -N '' -f "${HOME}/.ssh/id_rsa" ssh-keygen -m PEM -q -t rsa -N '' -f "${HOME}/.ssh/id_rsa"
# newer ssh-keygen PEM output (such as on RHEL 8.1) is not recognized by paramiko
touch "${HOME}/.ssh/id_rsa.new"
chmod 0600 "${HOME}/.ssh/id_rsa.new"
sed 's/\(BEGIN\|END\) PRIVATE KEY/\1 RSA PRIVATE KEY/' "${HOME}/.ssh/id_rsa" > "${HOME}/.ssh/id_rsa.new"
mv "${HOME}/.ssh/id_rsa.new" "${HOME}/.ssh/id_rsa"
cp "${HOME}/.ssh/id_rsa.pub" "${HOME}/.ssh/authorized_keys" cp "${HOME}/.ssh/id_rsa.pub" "${HOME}/.ssh/authorized_keys"
for key in /etc/ssh/ssh_host_*_key.pub; do for key in /etc/ssh/ssh_host_*_key.pub; do
pk=$(cat "${key}") pk=$(cat "${key}")

@ -4,6 +4,7 @@ __metaclass__ = type
import json import json
import os import os
import re
import traceback import traceback
import uuid import uuid
import errno import errno
@ -631,6 +632,13 @@ class SshKey:
if not os.path.isfile(key) or not os.path.isfile(pub): if not os.path.isfile(key) or not os.path.isfile(pub):
run_command(args, ['ssh-keygen', '-m', 'PEM', '-q', '-t', 'rsa', '-N', '', '-f', key]) run_command(args, ['ssh-keygen', '-m', 'PEM', '-q', '-t', 'rsa', '-N', '', '-f', key])
# newer ssh-keygen PEM output (such as on RHEL 8.1) is not recognized by paramiko
with open(key, 'r+') as key_fd:
key_contents = key_fd.read()
key_contents = re.sub(r'(BEGIN|END) PRIVATE KEY', r'\1 RSA PRIVATE KEY', key_contents)
key_fd.seek(0)
key_fd.write(key_contents)
return key, pub return key, pub

Loading…
Cancel
Save