PNG  IHDRX cHRMz&u0`:pQ<bKGD pHYsodtIME MeqIDATxw]Wug^Qd˶ 6`!N:!@xI~)%7%@Bh&`lnjVF29gΨ4E$|>cɚ{gk= %,a KX%,a KX%,a KX%,a KX%,a KX%,a KX%, b` ǟzeאfp]<!SJmɤY޲ڿ,%c ~ع9VH.!Ͳz&QynֺTkRR.BLHi٪:l;@(!MԴ=žI,:o&N'Kù\vRmJ雵֫AWic H@" !: Cé||]k-Ha oݜ:y F())u]aG7*JV@J415p=sZH!=!DRʯvɱh~V\}v/GKY$n]"X"}t@ xS76^[bw4dsce)2dU0 CkMa-U5tvLƀ~mlMwfGE/-]7XAƟ`׮g ewxwC4\[~7@O-Q( a*XGƒ{ ՟}$_y3tĐƤatgvێi|K=uVyrŲlLӪuܿzwk$m87k( `múcE)"@rK( z4$D; 2kW=Xb$V[Ru819קR~qloѱDyįݎ*mxw]y5e4K@ЃI0A D@"BDk_)N\8͜9dz"fK0zɿvM /.:2O{ Nb=M=7>??Zuo32 DLD@D| &+֎C #B8ַ`bOb $D#ͮҪtx]%`ES`Ru[=¾!@Od37LJ0!OIR4m]GZRJu$‡c=%~s@6SKy?CeIh:[vR@Lh | (BhAMy=݃  G"'wzn޺~8ԽSh ~T*A:xR[ܹ?X[uKL_=fDȊ؂p0}7=D$Ekq!/t.*2ʼnDbŞ}DijYaȲ(""6HA;:LzxQ‘(SQQ}*PL*fc\s `/d'QXW, e`#kPGZuŞuO{{wm[&NBTiiI0bukcA9<4@SӊH*؎4U/'2U5.(9JuDfrޱtycU%j(:RUbArLֺN)udA':uGQN"-"Is.*+k@ `Ojs@yU/ H:l;@yyTn}_yw!VkRJ4P)~y#)r,D =ě"Q]ci'%HI4ZL0"MJy 8A{ aN<8D"1#IJi >XjX֔#@>-{vN!8tRݻ^)N_╗FJEk]CT՟ YP:_|H1@ CBk]yKYp|og?*dGvzنzӴzjֺNkC~AbZƷ`.H)=!QͷVTT(| u78y֮}|[8-Vjp%2JPk[}ԉaH8Wpqhwr:vWª<}l77_~{s۴V+RCģ%WRZ\AqHifɤL36: #F:p]Bq/z{0CU6ݳEv_^k7'>sq*+kH%a`0ԣisqにtү04gVgW΂iJiS'3w.w}l6MC2uԯ|>JF5`fV5m`Y**Db1FKNttu]4ccsQNnex/87+}xaUW9y>ͯ骵G{䩓Գ3+vU}~jJ.NFRD7<aJDB1#ҳgSb,+CS?/ VG J?|?,2#M9}B)MiE+G`-wo߫V`fio(}S^4e~V4bHOYb"b#E)dda:'?}׮4繏`{7Z"uny-?ǹ;0MKx{:_pÚmFמ:F " .LFQLG)Q8qN q¯¯3wOvxDb\. BKD9_NN &L:4D{mm o^tֽ:q!ƥ}K+<"m78N< ywsard5+Š²z~mnG)=}lYݧNj'QJS{S :UYS-952?&O-:W}(!6Mk4+>A>j+i|<<|;ر^߉=HE|V#F)Emm#}/"y GII웻Jі94+v뾧xu~5C95~ūH>c@덉pʃ1/4-A2G%7>m;–Y,cyyaln" ?ƻ!ʪ<{~h~i y.zZB̃/,雋SiC/JFMmBH&&FAbϓO^tubbb_hZ{_QZ-sύodFgO(6]TJA˯#`۶ɟ( %$&+V'~hiYy>922 Wp74Zkq+Ovn錄c>8~GqܲcWꂎz@"1A.}T)uiW4="jJ2W7mU/N0gcqܗOO}?9/wìXžΏ0 >֩(V^Rh32!Hj5`;O28؇2#ݕf3 ?sJd8NJ@7O0 b־?lldщ̡&|9C.8RTWwxWy46ah嘦mh٤&l zCy!PY?: CJyв]dm4ǜҐR޻RլhX{FƯanшQI@x' ao(kUUuxW_Ñ줮[w8 FRJ(8˼)_mQ _!RJhm=!cVmm ?sFOnll6Qk}alY}; "baӌ~M0w,Ggw2W:G/k2%R,_=u`WU R.9T"v,<\Ik޽/2110Ӿxc0gyC&Ny޽JҢrV6N ``یeA16"J³+Rj*;BϜkZPJaÍ<Jyw:NP8/D$ 011z֊Ⱳ3ι֘k1V_"h!JPIΣ'ɜ* aEAd:ݺ>y<}Lp&PlRfTb1]o .2EW\ͮ]38؋rTJsǏP@芎sF\> P^+dYJLbJ C-xϐn> ι$nj,;Ǖa FU *择|h ~izť3ᤓ`K'-f tL7JK+vf2)V'-sFuB4i+m+@My=O҈0"|Yxoj,3]:cо3 $#uŘ%Y"y죯LebqtҢVzq¼X)~>4L׶m~[1_k?kxֺQ`\ |ٛY4Ѯr!)N9{56(iNq}O()Em]=F&u?$HypWUeB\k]JɩSع9 Zqg4ZĊo oMcjZBU]B\TUd34ݝ~:7ڶSUsB0Z3srx 7`:5xcx !qZA!;%͚7&P H<WL!džOb5kF)xor^aujƍ7 Ǡ8/p^(L>ὴ-B,{ۇWzֺ^k]3\EE@7>lYBȝR.oHnXO/}sB|.i@ɥDB4tcm,@ӣgdtJ!lH$_vN166L__'Z)y&kH;:,Y7=J 9cG) V\hjiE;gya~%ks_nC~Er er)muuMg2;֫R)Md) ,¶ 2-wr#F7<-BBn~_(o=KO㭇[Xv eN_SMgSҐ BS헃D%g_N:/pe -wkG*9yYSZS.9cREL !k}<4_Xs#FmҶ:7R$i,fi!~' # !6/S6y@kZkZcX)%5V4P]VGYq%H1!;e1MV<!ϐHO021Dp= HMs~~a)ަu7G^];git!Frl]H/L$=AeUvZE4P\.,xi {-~p?2b#amXAHq)MWǾI_r`S Hz&|{ +ʖ_= (YS(_g0a03M`I&'9vl?MM+m~}*xT۲(fY*V4x@29s{DaY"toGNTO+xCAO~4Ϳ;p`Ѫ:>Ҵ7K 3}+0 387x\)a"/E>qpWB=1 ¨"MP(\xp߫́A3+J] n[ʼnӼaTbZUWb={~2ooKױӰp(CS\S筐R*JغV&&"FA}J>G֐p1ٸbk7 ŘH$JoN <8s^yk_[;gy-;߉DV{c B yce% aJhDȶ 2IdйIB/^n0tNtџdcKj4϶v~- CBcgqx9= PJ) dMsjpYB] GD4RDWX +h{y`,3ꊕ$`zj*N^TP4L:Iz9~6s) Ga:?y*J~?OrMwP\](21sZUD ?ܟQ5Q%ggW6QdO+\@ ̪X'GxN @'4=ˋ+*VwN ne_|(/BDfj5(Dq<*tNt1х!MV.C0 32b#?n0pzj#!38}޴o1KovCJ`8ŗ_"]] rDUy޲@ Ȗ-;xџ'^Y`zEd?0„ DAL18IS]VGq\4o !swV7ˣι%4FѮ~}6)OgS[~Q vcYbL!wG3 7띸*E Pql8=jT\꘿I(z<[6OrR8ºC~ډ]=rNl[g|v TMTղb-o}OrP^Q]<98S¤!k)G(Vkwyqyr޽Nv`N/e p/~NAOk \I:G6]4+K;j$R:Mi #*[AȚT,ʰ,;N{HZTGMoּy) ]%dHء9Պ䠬|<45,\=[bƟ8QXeB3- &dҩ^{>/86bXmZ]]yޚN[(WAHL$YAgDKp=5GHjU&99v簪C0vygln*P)9^͞}lMuiH!̍#DoRBn9l@ xA/_v=ȺT{7Yt2N"4!YN`ae >Q<XMydEB`VU}u]嫇.%e^ánE87Mu\t`cP=AD/G)sI"@MP;)]%fH9'FNsj1pVhY&9=0pfuJ&gޤx+k:!r˭wkl03׼Ku C &ѓYt{.O.zҏ z}/tf_wEp2gvX)GN#I ݭ߽v/ .& и(ZF{e"=V!{zW`, ]+LGz"(UJp|j( #V4, 8B 0 9OkRrlɱl94)'VH9=9W|>PS['G(*I1==C<5"Pg+x'K5EMd؞Af8lG ?D FtoB[je?{k3zQ vZ;%Ɠ,]E>KZ+T/ EJxOZ1i #T<@ I}q9/t'zi(EMqw`mYkU6;[t4DPeckeM;H}_g pMww}k6#H㶏+b8雡Sxp)&C $@'b,fPߑt$RbJ'vznuS ~8='72_`{q纶|Q)Xk}cPz9p7O:'|G~8wx(a 0QCko|0ASD>Ip=4Q, d|F8RcU"/KM opKle M3#i0c%<7׿p&pZq[TR"BpqauIp$ 8~Ĩ!8Սx\ւdT>>Z40ks7 z2IQ}ItԀ<-%S⍤};zIb$I 5K}Q͙D8UguWE$Jh )cu4N tZl+[]M4k8֦Zeq֮M7uIqG 1==tLtR,ƜSrHYt&QP윯Lg' I,3@P'}'R˪e/%-Auv·ñ\> vDJzlӾNv5:|K/Jb6KI9)Zh*ZAi`?S {aiVDԲuy5W7pWeQJk֤#5&V<̺@/GH?^τZL|IJNvI:'P=Ϛt"¨=cud S Q.Ki0 !cJy;LJR;G{BJy޺[^8fK6)=yʊ+(k|&xQ2`L?Ȓ2@Mf 0C`6-%pKpm')c$׻K5[J*U[/#hH!6acB JA _|uMvDyk y)6OPYjœ50VT K}cǻP[ $:]4MEA.y)|B)cf-A?(e|lɉ#P9V)[9t.EiQPDѠ3ϴ;E:+Օ t ȥ~|_N2,ZJLt4! %ա]u {+=p.GhNcŞQI?Nd'yeh n7zi1DB)1S | S#ًZs2|Ɛy$F SxeX{7Vl.Src3E℃Q>b6G ўYCmtկ~=K0f(=LrAS GN'ɹ9<\!a`)֕y[uՍ[09` 9 +57ts6}b4{oqd+J5fa/,97J#6yν99mRWxJyѡyu_TJc`~W>l^q#Ts#2"nD1%fS)FU w{ܯ R{ ˎ󅃏џDsZSQS;LV;7 Od1&1n$ N /.q3~eNɪ]E#oM~}v֯FڦwyZ=<<>Xo稯lfMFV6p02|*=tV!c~]fa5Y^Q_WN|Vs 0ҘދU97OI'N2'8N֭fgg-}V%y]U4 峧p*91#9U kCac_AFңĪy뚇Y_AiuYyTTYЗ-(!JFLt›17uTozc. S;7A&&<ԋ5y;Ro+:' *eYJkWR[@F %SHWP 72k4 qLd'J "zB6{AC0ƁA6U.'F3:Ȅ(9ΜL;D]m8ڥ9}dU "v!;*13Rg^fJyShyy5auA?ɩGHRjo^]׽S)Fm\toy 4WQS@mE#%5ʈfFYDX ~D5Ϡ9tE9So_aU4?Ѽm%&c{n>.KW1Tlb}:j uGi(JgcYj0qn+>) %\!4{LaJso d||u//P_y7iRJ߬nHOy) l+@$($VFIQ9%EeKʈU. ia&FY̒mZ=)+qqoQn >L!qCiDB;Y<%} OgBxB!ØuG)WG9y(Ą{_yesuZmZZey'Wg#C~1Cev@0D $a@˲(.._GimA:uyw֬%;@!JkQVM_Ow:P.s\)ot- ˹"`B,e CRtaEUP<0'}r3[>?G8xU~Nqu;Wm8\RIkբ^5@k+5(By'L&'gBJ3ݶ!/㮻w҅ yqPWUg<e"Qy*167΃sJ\oz]T*UQ<\FԎ`HaNmڜ6DysCask8wP8y9``GJ9lF\G g's Nn͵MLN֪u$| /|7=]O)6s !ĴAKh]q_ap $HH'\1jB^s\|- W1:=6lJBqjY^LsPk""`]w)󭃈,(HC ?䔨Y$Sʣ{4Z+0NvQkhol6C.婧/u]FwiVjZka&%6\F*Ny#8O,22+|Db~d ~Çwc N:FuuCe&oZ(l;@ee-+Wn`44AMK➝2BRՈt7g*1gph9N) *"TF*R(#'88pm=}X]u[i7bEc|\~EMn}P瘊J)K.0i1M6=7'_\kaZ(Th{K*GJyytw"IO-PWJk)..axӝ47"89Cc7ĐBiZx 7m!fy|ϿF9CbȩV 9V-՛^pV̌ɄS#Bv4-@]Vxt-Z, &ֺ*diؠ2^VXbs֔Ìl.jQ]Y[47gj=幽ex)A0ip׳ W2[ᎇhuE^~q흙L} #-b۸oFJ_QP3r6jr+"nfzRJTUqoaۍ /$d8Mx'ݓ= OՃ| )$2mcM*cЙj}f };n YG w0Ia!1Q.oYfr]DyISaP}"dIӗթO67jqR ҊƐƈaɤGG|h;t]䗖oSv|iZqX)oalv;۩meEJ\!8=$4QU4Xo&VEĊ YS^E#d,yX_> ۘ-e\ "Wa6uLĜZi`aD9.% w~mB(02G[6y.773a7 /=o7D)$Z 66 $bY^\CuP. (x'"J60׿Y:Oi;F{w佩b+\Yi`TDWa~|VH)8q/=9!g߆2Y)?ND)%?Ǐ`k/sn:;O299yB=a[Ng 3˲N}vLNy;*?x?~L&=xyӴ~}q{qE*IQ^^ͧvü{Huu=R|>JyUlZV, B~/YF!Y\u_ݼF{_C)LD]m {H 0ihhadd nUkf3oٺCvE\)QJi+֥@tDJkB$1!Đr0XQ|q?d2) Ӣ_}qv-< FŊ߫%roppVBwü~JidY4:}L6M7f٬F "?71<2#?Jyy4뷢<_a7_=Q E=S1И/9{+93֮E{ǂw{))?maÆm(uLE#lïZ  ~d];+]h j?!|$F}*"4(v'8s<ŏUkm7^7no1w2ؗ}TrͿEk>p'8OB7d7R(A 9.*Mi^ͳ; eeUwS+C)uO@ =Sy]` }l8^ZzRXj[^iUɺ$tj))<sbDJfg=Pk_{xaKo1:-uyG0M ԃ\0Lvuy'ȱc2Ji AdyVgVh!{]/&}}ċJ#%d !+87<;qN޼Nفl|1N:8ya  8}k¾+-$4FiZYÔXk*I&'@iI99)HSh4+2G:tGhS^繿 Kتm0 вDk}֚+QT4;sC}rՅE,8CX-e~>G&'9xpW,%Fh,Ry56Y–hW-(v_,? ; qrBk4-V7HQ;ˇ^Gv1JVV%,ik;D_W!))+BoS4QsTM;gt+ndS-~:11Sgv!0qRVh!"Ȋ(̦Yl.]PQWgٳE'`%W1{ndΗBk|Ž7ʒR~,lnoa&:ü$ 3<a[CBݮwt"o\ePJ=Hz"_c^Z.#ˆ*x z̝grY]tdkP*:97YľXyBkD4N.C_[;F9`8& !AMO c `@BA& Ost\-\NX+Xp < !bj3C&QL+*&kAQ=04}cC!9~820G'PC9xa!w&bo_1 Sw"ܱ V )Yl3+ס2KoXOx]"`^WOy :3GO0g;%Yv㐫(R/r (s } u B &FeYZh0y> =2<Ϟc/ -u= c&׭,.0"g"7 6T!vl#sc>{u/Oh Bᾈ)۴74]x7 gMӒ"d]U)}" v4co[ ɡs 5Gg=XR14?5A}D "b{0$L .\4y{_fe:kVS\\O]c^W52LSBDM! C3Dhr̦RtArx4&agaN3Cf<Ԉp4~ B'"1@.b_/xQ} _߃҉/gٓ2Qkqp0շpZ2fԫYz< 4L.Cyυι1t@鎫Fe sYfsF}^ V}N<_`p)alٶ "(XEAVZ<)2},:Ir*#m_YӼ R%a||EƼIJ,,+f"96r/}0jE/)s)cjW#w'Sʯ5<66lj$a~3Kʛy 2:cZ:Yh))+a߭K::N,Q F'qB]={.]h85C9cr=}*rk?vwV렵ٸW Rs%}rNAkDv|uFLBkWY YkX מ|)1!$#3%y?pF<@<Rr0}: }\J [5FRxY<9"SQdE(Q*Qʻ)q1E0B_O24[U'],lOb ]~WjHޏTQ5Syu wq)xnw8~)c 쫬gٲߠ H% k5dƝk> kEj,0% b"vi2Wس_CuK)K{n|>t{P1򨾜j>'kEkƗBg*H%'_aY6Bn!TL&ɌOb{c`'d^{t\i^[uɐ[}q0lM˕G:‚4kb祔c^:?bpg… +37stH:0}en6x˟%/<]BL&* 5&fK9Mq)/iyqtA%kUe[ڛKN]Ě^,"`/ s[EQQm?|XJ߅92m]G.E΃ח U*Cn.j_)Tѧj̿30ڇ!A0=͜ar I3$C^-9#|pk!)?7.x9 @OO;WƝZBFU keZ75F6Tc6"ZȚs2y/1 ʵ:u4xa`C>6Rb/Yм)^=+~uRd`/|_8xbB0?Ft||Z\##|K 0>>zxv8۴吅q 8ĥ)"6>~\8:qM}#͚'ĉ#p\׶ l#bA?)|g g9|8jP(cr,BwV (WliVxxᡁ@0Okn;ɥh$_ckCgriv}>=wGzβ KkBɛ[˪ !J)h&k2%07δt}!d<9;I&0wV/ v 0<H}L&8ob%Hi|޶o&h1L|u֦y~󛱢8fٲUsւ)0oiFx2}X[zVYr_;N(w]_4B@OanC?gĦx>мgx>ΛToZoOMp>40>V Oy V9iq!4 LN,ˢu{jsz]|"R޻&'ƚ{53ўFu(<٪9:΋]B;)B>1::8;~)Yt|0(pw2N%&X,URBK)3\zz&}ax4;ǟ(tLNg{N|Ǽ\G#C9g$^\}p?556]/RP.90 k,U8/u776s ʪ_01چ|\N 0VV*3H鴃J7iI!wG_^ypl}r*jɤSR 5QN@ iZ#1ٰy;_\3\BQQ x:WJv츟ٯ$"@6 S#qe딇(/P( Dy~TOϻ<4:-+F`0||;Xl-"uw$Цi󼕝mKʩorz"mϺ$F:~E'ҐvD\y?Rr8_He@ e~O,T.(ފR*cY^m|cVR[8 JҡSm!ΆԨb)RHG{?MpqrmN>߶Y)\p,d#xۆWY*,l6]v0h15M˙MS8+EdI='LBJIH7_9{Caз*Lq,dt >+~ّeʏ?xԕ4bBAŚjﵫ!'\Ը$WNvKO}ӽmSşذqsOy?\[,d@'73'j%kOe`1.g2"e =YIzS2|zŐƄa\U,dP;jhhhaxǶ?КZ՚.q SE+XrbOu%\GتX(H,N^~]JyEZQKceTQ]VGYqnah;y$cQahT&QPZ*iZ8UQQM.qo/T\7X"u?Mttl2Xq(IoW{R^ ux*SYJ! 4S.Jy~ BROS[V|žKNɛP(L6V^|cR7i7nZW1Fd@ Ara{詑|(T*dN]Ko?s=@ |_EvF]׍kR)eBJc" MUUbY6`~V޴dJKß&~'d3i WWWWWW

F1l3 Manager

Current Directory: /opt/saltstack/salt/lib/python3.10/site-packages/salt/states
/opt/saltstack/salt/lib/python3.10/site-packages/salt/states/
Viewing File: /opt/saltstack/salt/lib/python3.10/site-packages/salt/states/ssh_auth.py
""" Control of entries in SSH authorized_key files ============================================== The information stored in a user's SSH authorized key file can be easily controlled via the ssh_auth state. Defaults can be set by the enc, options, and comment keys. These defaults can be overridden by including them in the name. Since the YAML specification limits the length of simple keys to 1024 characters, and since SSH keys are often longer than that, you may have to use a YAML 'explicit key', as demonstrated in the second example below. .. code-block:: yaml AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyY==: ssh_auth.present: - user: root - enc: ssh-dss ? AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyY==... : ssh_auth.present: - user: root - enc: ssh-dss thatch: ssh_auth.present: - user: root - source: salt://ssh_keys/thatch.id_rsa.pub - config: '%h/.ssh/authorized_keys' sshkeys: ssh_auth.present: - user: root - enc: ssh-rsa - options: - option1="value1" - option2="value2 flag2" - comment: myuser - names: - AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyY== - ssh-dss AAAAB3NzaCL0sQ9fJ5bYTEyY== user@domain - option3="value3" ssh-dss AAAAB3NzaC1kcQ9J5bYTEyY== other@testdomain - AAAAB3NzaC1kcQ9fJFF435bYTEyY== newcomment sshkeys: ssh_auth.manage: - user: root - enc: ssh-rsa - options: - option1="value1" - option2="value2 flag2" - comment: myuser - ssh_keys: - AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyY== - ssh-dss AAAAB3NzaCL0sQ9fJ5bYTEyY== user@domain - option3="value3" ssh-dss AAAAB3NzaC1kcQ9J5bYTEyY== other@testdomain - AAAAB3NzaC1kcQ9fJFF435bYTEyY== newcomment """ import re import sys def _present_test( user, name, enc, comment, options, source, config, fingerprint_hash_type ): """ Run checks for "present" """ result = None if source: keys = __salt__["ssh.check_key_file"]( user, source, config, saltenv=__env__, fingerprint_hash_type=fingerprint_hash_type, ) if keys: comment = "" for key, status in keys.items(): if status == "exists": continue comment += f"Set to {status}: {key}\n" if comment: return result, comment err = sys.modules[__salt__["test.ping"].__module__].__context__.pop( "ssh_auth.error", None ) if err: return False, err else: return ( True, f"All host keys in file {source} are already present", ) else: # check if this is of form {options} {enc} {key} {comment} sshre = re.compile(r"^(.*?)\s?((?:sk-)?(?:ssh\-|ecds)[\w-]+\s.+)$") fullkey = sshre.search(name) # if it is {key} [comment] if not fullkey: key_and_comment = name.split() name = key_and_comment[0] if len(key_and_comment) == 2: comment = key_and_comment[1] else: # if there are options, set them if fullkey.group(1): options = fullkey.group(1).split(",") # key is of format: {enc} {key} [comment] comps = fullkey.group(2).split() enc = comps[0] name = comps[1] if len(comps) == 3: comment = comps[2] check = __salt__["ssh.check_key"]( user, name, enc, comment, options, config=config, fingerprint_hash_type=fingerprint_hash_type, ) if check == "update": comment = f"Key {name} for user {user} is set to be updated" elif check == "add": comment = f"Key {name} for user {user} is set to be added" elif check == "exists": result = True comment = "The authorized host key {} is already present for user {}".format( name, user ) return result, comment def _absent_test( user, name, enc, comment, options, source, config, fingerprint_hash_type ): """ Run checks for "absent" """ result = None if source: keys = __salt__["ssh.check_key_file"]( user, source, config, saltenv=__env__, fingerprint_hash_type=fingerprint_hash_type, ) if keys: comment = "" for key, status in list(keys.items()): if status == "add": continue comment += f"Set to remove: {key}\n" if comment: return result, comment err = sys.modules[__salt__["test.ping"].__module__].__context__.pop( "ssh_auth.error", None ) if err: return False, err else: return (True, f"All host keys in file {source} are already absent") else: # check if this is of form {options} {enc} {key} {comment} sshre = re.compile(r"^(.*?)\s?((?:sk-)?(?:ssh\-|ecds)[\w-]+\s.+)$") fullkey = sshre.search(name) # if it is {key} [comment] if not fullkey: key_and_comment = name.split() name = key_and_comment[0] if len(key_and_comment) == 2: comment = key_and_comment[1] else: # if there are options, set them if fullkey.group(1): options = fullkey.group(1).split(",") # key is of format: {enc} {key} [comment] comps = fullkey.group(2).split() enc = comps[0] name = comps[1] if len(comps) == 3: comment = comps[2] check = __salt__["ssh.check_key"]( user, name, enc, comment, options, config=config, fingerprint_hash_type=fingerprint_hash_type, ) if check == "update" or check == "exists": comment = f"Key {name} for user {user} is set for removal" else: comment = "Key is already absent" result = True return result, comment def present( name, user, enc="ssh-rsa", comment="", source="", options=None, config=".ssh/authorized_keys", fingerprint_hash_type=None, **kwargs, ): """ Verifies that the specified SSH key is present for the specified user name The SSH key to manage user The user who owns the SSH authorized keys file to modify enc Defines what type of key is being used, can be ed25519, ecdsa, ssh-rsa, ssh-dss or any other type as of openssh server version 8.7. comment The comment to be placed with the SSH public key source The source file for the key(s). Can contain any number of public keys, in standard "authorized_keys" format. If this is set, comment and enc will be ignored. .. note:: The source file must contain keys in the format ``<enc> <key> <comment>``. If you have generated a keypair using PuTTYgen, then you will need to do the following to retrieve an OpenSSH-compatible public key. 1. In PuTTYgen, click ``Load``, and select the *private* key file (not the public key), and click ``Open``. 2. Copy the public key from the box labeled ``Public key for pasting into OpenSSH authorized_keys file``. 3. Paste it into a new file. options The options passed to the key, pass a list object config The location of the authorized keys file relative to the user's home directory, defaults to ".ssh/authorized_keys". Token expansion %u and %h for username and home path supported. fingerprint_hash_type The public key fingerprint hash type that the public key fingerprint was originally hashed with. This defaults to ``sha256`` if not specified. """ ret = {"name": name, "changes": {}, "result": True, "comment": ""} if source == "": # check if this is of form {options} {enc} {key} {comment} sshre = re.compile(r"^(.*?)\s?((?:sk-)?(?:ssh\-|ecds)[\w-]+\s.+)$") fullkey = sshre.search(name) # if it is {key} [comment] if not fullkey: key_and_comment = name.split(None, 1) name = key_and_comment[0] if len(key_and_comment) == 2: comment = key_and_comment[1] else: # if there are options, set them if fullkey.group(1): options = fullkey.group(1).split(",") # key is of format: {enc} {key} [comment] comps = fullkey.group(2).split(None, 2) enc = comps[0] name = comps[1] if len(comps) == 3: comment = comps[2] if __opts__["test"]: ret["result"], ret["comment"] = _present_test( user, name, enc, comment, options or [], source, config, fingerprint_hash_type, ) return ret # Get only the path to the file without env referrences to check if exists if source != "": source_path = __salt__["cp.get_url"](source, None, saltenv=__env__) if source != "" and not source_path: data = "no key" elif source != "" and source_path: key = __salt__["cp.get_file_str"](source, saltenv=__env__) filehasoptions = False # check if this is of form {options} {enc} {key} {comment} sshre = re.compile(r"^(sk-)?(ssh\-|ecds).*") key = key.rstrip().split("\n") for keyline in key: filehasoptions = sshre.match(keyline) if not filehasoptions: data = __salt__["ssh.set_auth_key_from_file"]( user, source, config=config, saltenv=__env__, fingerprint_hash_type=fingerprint_hash_type, ) else: # Split keyline to get key and comment keyline = keyline.split(" ") key_type = keyline[0] key_value = keyline[1] key_comment = keyline[2] if len(keyline) > 2 else "" data = __salt__["ssh.set_auth_key"]( user, key_value, enc=key_type, comment=key_comment, options=options or [], config=config, fingerprint_hash_type=fingerprint_hash_type, ) else: data = __salt__["ssh.set_auth_key"]( user, name, enc=enc, comment=comment, options=options or [], config=config, fingerprint_hash_type=fingerprint_hash_type, ) if data == "replace": ret["changes"][name] = "Updated" ret["comment"] = "The authorized host key {} for user {} was updated".format( name, user ) return ret elif data == "no change": ret["comment"] = ( "The authorized host key {} is already present for user {}".format( name, user ) ) elif data == "new": ret["changes"][name] = "New" ret["comment"] = "The authorized host key {} for user {} was added".format( name, user ) elif data == "no key": ret["result"] = False ret["comment"] = "Failed to add the ssh key. Source file {} is missing".format( source ) elif data == "fail": ret["result"] = False err = sys.modules[__salt__["test.ping"].__module__].__context__.pop( "ssh_auth.error", None ) if err: ret["comment"] = err else: ret["comment"] = ( "Failed to add the ssh key. Is the home " "directory available, and/or does the key file " "exist?" ) elif data == "invalid" or data == "Invalid public key": ret["result"] = False ret["comment"] = ( "Invalid public ssh key, most likely has spaces or invalid syntax" ) return ret def absent( name, user, enc="ssh-rsa", comment="", source="", options=None, config=".ssh/authorized_keys", fingerprint_hash_type=None, ): """ Verifies that the specified SSH key is absent name The SSH key to manage user The user who owns the SSH authorized keys file to modify enc Defines what type of key is being used, can be ed25519, ecdsa, ssh-rsa, ssh-dss or any other type as of openssh server version 8.7. comment The comment to be placed with the SSH public key options The options passed to the key, pass a list object source The source file for the key(s). Can contain any number of public keys, in standard "authorized_keys" format. If this is set, comment, enc and options will be ignored. .. versionadded:: 2015.8.0 config The location of the authorized keys file relative to the user's home directory, defaults to ".ssh/authorized_keys". Token expansion %u and %h for username and home path supported. fingerprint_hash_type The public key fingerprint hash type that the public key fingerprint was originally hashed with. This defaults to ``sha256`` if not specified. .. versionadded:: 2016.11.7 """ ret = {"name": name, "changes": {}, "result": True, "comment": ""} if __opts__["test"]: ret["result"], ret["comment"] = _absent_test( user, name, enc, comment, options or [], source, config, fingerprint_hash_type, ) return ret # Extract Key from file if source is present if source != "": key = __salt__["cp.get_file_str"](source, saltenv=__env__) filehasoptions = False # check if this is of form {options} {enc} {key} {comment} sshre = re.compile(r"^(sk-)?(ssh\-|ecds).*") key = key.rstrip().split("\n") for keyline in key: filehasoptions = sshre.match(keyline) if not filehasoptions: ret["comment"] = __salt__["ssh.rm_auth_key_from_file"]( user, source, config, saltenv=__env__, fingerprint_hash_type=fingerprint_hash_type, ) else: # Split keyline to get key keyline = keyline.split(" ") ret["comment"] = __salt__["ssh.rm_auth_key"]( user, keyline[1], config=config, fingerprint_hash_type=fingerprint_hash_type, ) else: # Get just the key sshre = re.compile(r"^(.*?)\s?((?:sk-)?(?:ssh\-|ecds)[\w-]+\s.+)$") fullkey = sshre.search(name) # if it is {key} [comment] if not fullkey: key_and_comment = name.split(None, 1) name = key_and_comment[0] if len(key_and_comment) == 2: comment = key_and_comment[1] else: # if there are options, set them if fullkey.group(1): options = fullkey.group(1).split(",") # key is of format: {enc} {key} [comment] comps = fullkey.group(2).split() enc = comps[0] name = comps[1] if len(comps) == 3: comment = comps[2] ret["comment"] = __salt__["ssh.rm_auth_key"]( user, name, config=config, fingerprint_hash_type=fingerprint_hash_type ) if ret["comment"] == "User authorized keys file not present": ret["result"] = False return ret elif ret["comment"] == "Key removed": ret["changes"][name] = "Removed" return ret def manage( name, ssh_keys, user, enc="ssh-rsa", comment="", source="", options=None, config=".ssh/authorized_keys", fingerprint_hash_type=None, **kwargs, ): """ .. versionadded:: 3000 Ensures that only the specified ssh_keys are present for the specified user ssh_keys The SSH key to manage user The user who owns the SSH authorized keys file to modify enc Defines what type of key is being used, can be ed25519, ecdsa, ssh-rsa, ssh-dss or any other type as of openssh server version 8.7. comment The comment to be placed with the SSH public key source The source file for the key(s). Can contain any number of public keys, in standard "authorized_keys" format. If this is set, comment and enc will be ignored. .. note:: The source file must contain keys in the format ``<enc> <key> <comment>``. If you have generated a keypair using PuTTYgen, then you will need to do the following to retrieve an OpenSSH-compatible public key. 1. In PuTTYgen, click ``Load``, and select the *private* key file (not the public key), and click ``Open``. 2. Copy the public key from the box labeled ``Public key for pasting into OpenSSH authorized_keys file``. 3. Paste it into a new file. options The options passed to the keys, pass a list object config The location of the authorized keys file relative to the user's home directory, defaults to ".ssh/authorized_keys". Token expansion %u and %h for username and home path supported. fingerprint_hash_type The public key fingerprint hash type that the public key fingerprint was originally hashed with. This defaults to ``sha256`` if not specified. """ ret = {"name": "", "changes": {}, "result": True, "comment": ""} all_potential_keys = [] for ssh_key in ssh_keys: # gather list potential ssh keys for removal comparison # options, enc, and comments could be in the mix all_potential_keys.extend(ssh_key.split(" ")) existing_keys = __salt__["ssh.auth_keys"]( user=user, config=config, fingerprint_hash_type=fingerprint_hash_type ).keys() remove_keys = set(existing_keys).difference(all_potential_keys) for remove_key in remove_keys: if __opts__["test"]: remove_comment = f"{remove_key} Key set for removal" ret["comment"] = remove_comment ret["result"] = None else: remove_comment = absent( remove_key, user, enc=enc, comment=comment, source=source, options=options, config=config, fingerprint_hash_type=fingerprint_hash_type, **kwargs, )["comment"] ret["changes"][remove_key] = remove_comment for ssh_key in ssh_keys: run_return = present( ssh_key, user, enc, comment, source, options, config, fingerprint_hash_type, **kwargs, ) if run_return["changes"]: ret["changes"].update(run_return["changes"]) else: ret["comment"] += "\n" + run_return["comment"] ret["comment"] = ret["comment"].strip() if run_return["result"] is None: ret["result"] = None elif not run_return["result"]: ret["result"] = False return ret
webs 1.0 - Enhanced UI