Current File : //lib/python2.7/site-packages/salt/modules/ssh.pyc

�
���^c@@s�dZddlmZmZmZddlZddlZddlZddlZddl	Z	ddl
Z
ddlZddl
ZddlZddlZddlZddlZddlZddlmZmZddlmZddlmZeje�ZdZejr!ddlZnd�Z d	�Z!d
�Z"d�Z#d�Z$d
dddd�Z&d�Z'd�Z(ddd�Z)de*e*d�Z+dddd�Z,dddd�Z-dddd�Z.dddd�Z/ddd�Z0dddd�Z1d
dddddd�Z2d�Z3dd�Z4ej5j6j7j8d�dddd ��Z9ej5j6j7j8d�dddd!��Z:ej5j6j7j8d"�dde*d#dd$��Z;ej5j6j7j8d"�dde*d#dd%��Z<dddddddd&�Z=ddddd'�Z>ddddddde*d#dd(�
Z?dddd)�Z@ej5j6j7j8d�ddd*��ZAed+�ZBd,�ZCdS(-u�
Manage client ssh components

.. note::

    This module requires the use of MD5 hashing. Certain security audits may
    not permit the use of MD5. For those cases, this module should be disabled
    or removed.
i(tabsolute_importtunicode_literalstprint_functionN(tSaltInvocationErrortCommandExecutionError(tsix(trangeicC@s#tjjjd�stdfStS(Nusshu#The module requires the ssh binary.(tsalttutilstpathtwhichtFalsetTrue(((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyt__virtual__-s
cC@s�dddg}ddddg}dd	d
ddg}d
dg}||krRdS||krbdS||kr�|dkr~dS|S||kr�dStdj|���dS(u�
    Return the properly formatted ssh value for the authorized encryption key
    type. ecdsa defaults to 256 bits, must give full ecdsa enc schema string
    if using higher enc. If the type is not found, raise CommandExecutionError.
    urursaussh-rsaududsaudssussh-dssueuecdsauecdsa-sha2-nistp521uecdsa-sha2-nistp384uecdsa-sha2-nistp256ued25519ussh-ed25519u$Incorrect encryption key type '{0}'.N(ueuecdsa(Rtformat(tenctrsatdsstecdsated25519((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyt_refine_enc3s"	cC@sHd}|r+|djdj|��7}n|dj|||�7}|S(u%
    Properly format user input.
    uu{0} u,u{0} {1} {2}
(Rtjoin(tkeyRtcommenttoptionstline((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyt_format_auth_lineRs
cC@s�d}t}x�|D]�}|r�t}|dkr>|d7}q|dkrW||7}q|dkrp||7}qdj|�}t|��qq|dkr�t}q||7}qW|r�d}t|��n|S(uQ
    Expand the AuthorizedKeysFile expression. Defined in man sshd_config(5)
    uu%uuuhu7AuthorizedKeysFile path: unknown token character "%{0}"uAAuthorizedKeysFile path: Last character can't be escape character(RRRR(R	tuserthometconverted_patht
had_escapetcharterror((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyt_expand_authorized_keys_path]s*



	cC@sxtd|�}|s.tdj|���n|d}t|||�}tjj|�sttjj||�}n|S(u3
    Get absolute path to a user's ssh_config.
    u	user.infouUser '{0}' does not existuhome(t__salt__RRR!tosR	tisabsR(RtconfigtuinfoR((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyt_get_config_filezs
ussh-rsauu.ssh/authorized_keysc
C@s�t||||pg�}g}t||�}yAtjjj|d��#}	x�|	D]�}
tjjj|
j��}
|
dkr�qUn|
d7}
|
j	d�r�|j
|
�qUntjd|
�}t
|�dkrt
|d�dkr|dd|kr|j
|�qU|j
|
�qUW|	j�tjjj|d��#}	|	jtjjj|��Wd	QXWd	QXWn.ttfk
r�}td
j|���nXd	S(u!
    Replace an existing key
    uruu
u#uK((.*)\s)?(ssh-[a-z0-9-]+|ecdsa-[a-z0-9-]+)\s([a-zA-Z0-9+/]+={0,2})(\s(.*))?iiuwbNu+Problem reading or writing to key file: {0}(RR'RRtfilestfopentstringutilst
to_unicodetstript
startswithtappendtretfindalltlentcloset
writelinestdatatencodetIOErrortOSErrorRR(
RRRRRR%t	auth_linetlinestfullt_fhRtcompstexc((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyt_replace_auth_key�s.


<
,cC@s�i}tjd�}yhtjjj|d��J}x@|D]8}tjjj|j��}|dkrmq:n|d7}|j	d�r�q:ntj
||�}|s�q:n|jd�}|jd�j�}t
|�dkr�q:n|r�|jd�}	ng}	|d	}
|d}d
j|d�}t||�}
|
dkrLq:ni|
d6|d6|	d
6|
d6||<q:WWdQXWn,ttfk
r�tdj|���nX|S(uD
    Return a dict containing validated keys in the passed file
    u$^(.*?)\s?((?:ssh\-|ecds)[\w-]+\s.+)$uruu
u#iiu,iu uencucommentuoptionsufingerprintNu Problem reading ssh key file {0}(R/tcompileRRR(R)R*R+R,R-tsearchtgrouptsplitR1Rt_fingerprinttNoneR6R7RR(tkey_filetfingerprint_hash_typetrettlinereR;RR@toptsR<RRRRtfingerprint((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyt_validate_keys�sF




cC@s�|r|j�}nd}ytt|�}Wn&tk
rVtdj|���nXy4tjru|jd�}nt	j
|dt�}Wntj
k
r�dSX||�j�}gtdt|�d�D]}|||d!^q�}dj|�S(	u{
    Return a public key fingerprint based on its base64-encoded representation

    The fingerprint string is formatted according to RFC 4716 (ch.4), that is,
    in the form "xx:xx:...:xx"

    If the key is invalid (incorrect base64 string), return None

    public_key
        The public key to return the fingerprint for

    fingerprint_hash_type
        The public key fingerprint hash type that the public key fingerprint
        was originally hashed with. This defaults to ``sha256`` if not specified.

        .. versionadded:: 2016.11.4
        .. versionchanged:: 2017.7.0: default changed from ``md5`` to ``sha256``

    usha256u/The fingerprint_hash_type {0} is not supported.ubase64tvalidateiiu:N(tlowertgetattrthashlibtAttributeErrorRRRtPY2tdecodetbase64t	b64decodeRtbinasciitErrorRDt	hexdigestRR1R(t
public_keyRFt	hash_typet	hash_functraw_keyRGtitchunks((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyRC�s$
	6cC@s�|r|pd}n|pd}tjj|�r<|}ne|r�td|�}|ssidd6dj|�d6Stjj|d|�}nidd6dd6S|S(	Nu.ssh/known_hostsu/etc/ssh/ssh_known_hostsu	user.infouerrorustatusuUser {0} does not existuhomeu'Cannot determine absolute path to file.(R#R	R$R"RR(R%RR:R&((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyt_get_known_hosts_file!s	
c	C@s�|s.tddkrd}q.td��ni}tjd�}x�tj|�D]x}|j|�}|rS|jd�r�|tkr�t	j
d|�qSn|jd�r�|tkr�t	j
d	|�qSn|jd
�}|jd�r||jd�7}ny�tjj
jtjj||�d��r}tjjj|j��||<||dkr�||ctjjj|j��7<n||j�||<Wd
QXWq�ttfk
r�d||<q�XqSqSW|S(u
    Return the minion's host keys

    CLI Example:

    .. code-block:: bash

        salt '*' ssh.host_keys
        salt '*' ssh.host_keys keydir=/etc/ssh
        salt '*' ssh.host_keys keydir=/etc/ssh private=False
        salt '*' ssh.host_keys keydir=/etc/ssh certs=False
    ukerneluLinuxu/etc/sshu&ssh.host_keys: Please specify a keydiru8ssh_host_(?P<type>.+)_key(?P<pub>(?P<cert>-cert)?\.pub)?upubu7Skipping private key file %s as private is set to Falseucertu-Skipping key file %s as certs is set to Falseutypeuru SSH PRIVATE KEY FILE FORMAT 1.1
Nu(t
__grains__RR/R?R#tlistdirtmatchRARtlogtinfoRRR(R)R	RR*R+treadlinetreadR,R6R7(	tkeydirtprivatetcertstkeystfnretfn_tmtknameR;((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyt	host_keys9s>			*(cC@s�|std�}nt}t|t�s=|g}t}ni}xi|D]a}d}yt||�}Wntk
r|nX|rJtj	j
|�rJt||�||<qJqJW|r�|d|kr�||dSiSn|S(u�
    Return the authorized keys for users

    CLI Example:

    .. code-block:: bash

        salt '*' ssh.auth_keys
        salt '*' ssh.auth_keys root
        salt '*' ssh.auth_keys user=root
        salt '*' ssh.auth_keys user="[user1, user2]"
    uuser.list_usersiN(R"Rt
isinstancetlistRRDR'RR#R	tisfileRK(RR%RFtold_output_when_one_userRituR:((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyt	auth_keysts(		

ubasec
C@s�td||�}|siSt||�}|s\dj|�}tj|�|td<iSi}xN|D]F}	t||	||	d||	d||	dd|d|�||	<qiW|Sd	S(
u�
    Check a keyfile from a source destination against the local keys and
    return the keys to change

    CLI Example:

    .. code-block:: bash

        salt '*' ssh.check_key_file root salt://ssh/keyfile
    u
cp.cache_fileu4No keys detected in {0}. Is file properly formatted?ussh_auth.erroruencucommentuoptionsR%RFN(R"RKRRbR t__context__t	check_key(
RtsourceR%tsaltenvRFtkeyfilets_keysterrRGR((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pytcheck_key_file�s*	


cC@s�|d	krg}nt|�}t|d|d|�}t||||�}	||kr�t|||d||d||d�}
|
|	kr�dSndSdS(
u�
    Check to see if a key needs updating, returns "update", "add" or "exists"

    CLI Example:

    .. code-block:: bash

        salt '*' ssh.check_key <user> <key> <enc> <comment> <options>
    R%RFuencucommentuoptionsuupdateuadduexistsN(RDRRtR(RRRRRR%t
cache_keysRFtcurrenttnlinetcline((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyRv�s 			c
	C@s�td||�}tjj|�s4td��nt||�}|ssdj|�}tj|�|t	d<dSd}x-|D]%}	|t
||	d|d|�7}q�Wd	|kr�d	Sd
|kr�d
SdSdS(
u�
    Remove an authorized key from the specified user's authorized key file,
    using a file as source

    CLI Example:

    .. code-block:: bash

        salt '*' ssh.rm_auth_key_from_file <user> salt://ssh_keys/<user>.id_rsa.pub
    u
cp.cache_fileu-Failed to pull key file from salt file serveru4No keys detected in {0}. Is file properly formatted?ussh_auth.errorufailuR%RFuKey not removeduKey removeduKey not presentN(R"R#R	RqRRKRRbR Rutrm_auth_key(
RRwR%RxRFtlfileRzR{trvalR((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pytrm_auth_key_from_file�s.	


cC@s�t|d|d|�}tjd�}||kr�t||�}tjj|�sadj|�Sg}yMtj	j
j|d���}x�|D]�}	tj	jj
|	j��}	|	dkr�q�n|	d7}	|	jd�r�|j|	�q�ntj||	�}
|
s	q�n|
jd	�j�}t|�d	krC|j|	�q�n|d
}||kr_q�n|j|	�q�WWdQXtj	j
j|d��#}|jtj	jj|��WdQXWn*ttfk
r�}
tjd
|
�dSXdSdS(u�
    Remove an authorized key from the specified user's authorized key file

    CLI Example:

    .. code-block:: bash

        salt '*' ssh.rm_auth_key <user> <key>
    R%RFu$^(.*?)\s?((?:ssh\-|ecds)[\w-]+\s.+)$u$Authorized keys file {0} not presenturuu
u#iiNuwbu!Could not read/write key file: %suKey not removeduKey removeduKey not present(RtR/R?R'R#R	RqRRRR(R)R*R+R,R-R.R@RARBR1R3R4R5R6R7Rbtwarning(RRR%RFR~RHR:R9R;RR@R<tpkeyR=((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyR�,sL
		





&	c
C@std||�}tjj|�s4td��nt||�}|ssdj|�}tj|�|t	d<dSd}xi|D]a}	|t
||	d||	dd	||	d
d||	dd
|dt|j��d|�7}q�Wd|kr�dSd|krdSd|krdSdSdS(u�
    Add a key to the authorized_keys file, using a file as the source.

    CLI Example:

    .. code-block:: bash

        salt '*' ssh.set_auth_key_from_file <user> salt://ssh_keys/<user>.id_rsa.pub
    u
cp.cache_fileu-Failed to pull key file from salt file serveru4No keys detected in {0}. Is file properly formatted?ussh_auth.errorufailuRuencRucommentRuoptionsR%R}RFureplaceunewu	no changeN(
R"R#R	RqRRKRRbR Rutset_auth_keyRpRi(
RRwR%RxRFR�RzR{R�R((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pytset_auth_key_from_fileys:	


cC@s�|dkrg}nt|j��dkr1dSt|�}td|�}|sWdSt||�dk	}	|	svdSt|||||d|d|d|�}
|
d	kr�t|||||p�g|�d
S|
dkr�dSt||||�}t	||�}|j
d
d�}
|j|
�r;tj
j|
�r;dStj
jtj
j|��stj
j|�}tj|�tjjj�s�tj�dkr�tj||d|d�ntj|d�ntjj
jd�}|r||g}tj|�qntj
j|�s"t}nt}y�tjjj|d���}|tkr�|j dd�|j!�dkr�|j dd�|j"d�dkr�|j#d�q�q�n|j#tjj$j%|��WdQXWn4t&t'fk
r}d}t(|j)|���nX|r�tjjj�sdtj�dkrQtj||d|d�ntj|d�ntjj
jd�}|r�||g}tj|�q�ndSdS(uh
    Add a key to the authorized_keys file. The "key" parameter must only be the
    string of text that is the encoded key. If the key begins with "ssh-rsa"
    or ends with user@host, remove those from the key before passing it to this
    function.

    CLI Example:

    .. code-block:: bash

        salt '*' ssh.set_auth_key <user> '<key>' enc='dsa'
    iuinvalidu	user.infoufailuInvalid public keyR%R}RFuupdateureplaceuexistsu	no changeuhomeuiuuidugidi�u
restoreconuab+ii����s
Nu Could not write to key file: {0}i�unew(*RDR1RBRR"RCRvR>RR'tgetR-R#R	tisdirtdirnametmakedirsRRtplatformt
is_windowstgeteuidtchowntchmodR
t
subprocesstcallRqRRR(R)tseekttellRetwriteR*tto_bytesR6R7RR(RRRRRR%R}RFR&tkey_is_validtstatusR8tfconfigtudirtdpathtrcontcmdtnew_fileR;R=tmsg((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyR��s�		"
	&cc@s�|r|nd}x~t|�D]p\}}|ddkrt|j�j�d�}||dj�j�d}||kr�qn|VqqWdS(u�
    Helper function which parses ssh-keygen -F function output and yield line
    number of known_hosts entries with encryption key type matching enc,
    one by one.
    ursaiii����ii����N(t	enumeratetintR,RB(R9RR\Rtline_notline_enc((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyt_get_matched_host_line_numbersscc@s�x�|D]�}|j�}|dkr+qn|d7}|jd�rJqny|j�\}}}Wntk
ryqnXt|d|�}|s�qni|d6|d6|d6|d6VqWd	S(
u�
    Helper function which parses ssh-keygen -F and ssh-keyscan function output
    and yield dict with keys information, one by one.
    uu
u#RFuhostnameukeyuencufingerprintN(R,R-RBt
ValueErrorRC(R9RFRthostnameRRRJ((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyt_parse_openssh_output.s"


		u
ssh-keygencC@s@tjjjdd�t|||||�}|r<|dSdS(ub
    .. deprecated:: 2018.3.0
        Use :py:func:`ssh.get_known_host_entries
        <salt.modules.ssh.get_known_host_entries>` instead.

    Return information about known host from the configfile, if any.
    If there is no such key, return None.

    CLI Example:

    .. code-block:: bash

        salt '*' ssh.get_known_host <user> <hostname>
    uNeonuy'get_known_host' has been deprecated in favor of 'get_known_host_entries'. 'get_known_host' will be removed in Salt Neon.iN(RRtversionst
warn_untiltget_known_host_entriesRD(RR�R%tportRFtknown_hosts((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pytget_known_hostHs
c
C@s�td|d|�}t|t�r(|St||�}dd|d|g}td|dtdt�j�}tt	|d	|��}	|	r�|	Sd
S(u
    .. versionadded:: 2018.3.0

    Return information about known host entries from the configfile, if any.
    If there are no entries for a matching hostname, return None.

    CLI Example:

    .. code-block:: bash

        salt '*' ssh.get_known_host_entries <user> <hostname>
    R%Ru
ssh-keygenu-Fu-fucmd.runtignore_retcodetpython_shellRFN(R^Rotdictt"_hostname_and_port_to_ssh_hostnameR"RRt
splitlinesRpR�RD(
RR�R%R�RFR:tssh_hostnameR�R9tknown_host_entries((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyR�fs
	ussh-keyscanicC@sCtjjjdd�t||||||�}|r?|dSdS(u�
    Retrieve information about host public key from remote server

    .. deprecated:: 2018.3.0
        Use :py:func:`ssh.recv_known_host_entries
        <salt.modules.ssh.recv_known_host_entries>` instead.

    hostname
        The name of the remote host (e.g. "github.com")

    enc
        Defines what type of key is being used, can be ed25519, ecdsa ssh-rsa
        or ssh-dss

    port
        Optional parameter, denoting the port of the remote host on which an
        SSH daemon is running. By default the port 22 is used.

    hash_known_hosts : True
        Hash all hostnames and addresses in the known hosts file.

    timeout : int
        Set the timeout for connection attempts.  If ``timeout`` seconds have
        elapsed since a connection was initiated to a host or since the last
        time anything was read from that host, then the connection is closed
        and the host in question considered unavailable.  Default is 5 seconds.

        .. versionadded:: 2016.3.0

    fingerprint_hash_type
        The fingerprint hash type that the public key fingerprints were
        originally hashed with. This defaults to ``sha256`` if not specified.

        .. versionadded:: 2016.11.4
        .. versionchanged:: 2017.7.0: default changed from ``md5`` to ``sha256``

    CLI Example:

    .. code-block:: bash

        salt '*' ssh.recv_known_host <hostname> enc=<enc> port=<port>
    uNeonu|'recv_known_host' has been deprecated in favor of 'recv_known_host_entries'. 'recv_known_host' will be removed in Salt Neon.iN(RRR�R�trecv_known_host_entriesRD(R�RR�thash_known_hoststtimeoutRFR�((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pytrecv_known_host�s
1cC@s*d}dg}|r+|jd|g�n|rG|jd|g�n|rytjd�|kry|jddg�n|r�|jd�n|jdtj|�g�|j|�d}d	}	x=|r|	d
kr|	d}	td|d
t�j	�}q�Wt
t|d|��}
|
r&|
SdS(u�
    .. versionadded:: 2018.3.0

    Retrieve information about host public keys from remote server

    hostname
        The name of the remote host (e.g. "github.com")

    enc
        Defines what type of key is being used, can be ed25519, ecdsa ssh-rsa
        or ssh-dss

    port
        Optional parameter, denoting the port of the remote host on which an
        SSH daemon is running. By default the port 22 is used.

    hash_known_hosts : True
        Hash all hostnames and addresses in the known hosts file.

    timeout : int
        Set the timeout for connection attempts.  If ``timeout`` seconds have
        elapsed since a connection was initiated to a host or since the last
        time anything was read from that host, then the connection is closed
        and the host in question considered unavailable.  Default is 5 seconds.

    fingerprint_hash_type
        The fingerprint hash type that the public key fingerprints were
        originally hashed with. This defaults to ``sha256`` if not specified.

        .. versionadded:: 2016.11.4
        .. versionchanged:: 2017.7.0: default changed from ``md5`` to ``sha256``

    CLI Example:

    .. code-block:: bash

        salt '*' ssh.recv_known_host_entries <hostname> enc=<enc> port=<port>
    uCentOS-5ussh-keyscanu-pu-tuosfingerursau-Hu-Tiiiucmd.runR�RF(uCentOS-5N(textendR_R�R.Rt	text_typeRDR"RR�RpR�(R�RR�R�R�RFtneed_dash_tR�R9tattemptsR�((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyR��s(/	

 c
C@s�|sidd6dd6S|s-|p'd}n|p6d}t||d|d|d|�}|r}g|D]}|d	^qgng}	|r�g|D]}|d
^q�ng}
|s�dS|r�||	kr�dSd
S|r�||
kr�dSd
SdSdS(u8
    Check the record in known_hosts file, either by its value or by fingerprint
    (it's enough to set up either key or fingerprint, you don't need to set up
    both).

    If provided key or fingerprint doesn't match with stored value, return
    "update", if no value is found for a given host, return "add", otherwise
    return "exists".

    If neither key, nor fingerprint is defined, then additional validation is
    not performed.

    CLI Example:

    .. code-block:: bash

        salt '*' ssh.check_known_host <user> <hostname> key='AAAA...FAaQ=='
    uerrorustatusuhostname argument requiredu/etc/ssh/ssh_known_hostsu.ssh/known_hostsR%R�RFukeyufingerprintuadduexistsuupdateN(R�(RR�RRJR%R�RFR�tht
known_keystknown_fingerprints((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pytcheck_known_host
s*
	))c	C@s|sidd6dd6Std|d|�}t|t�r@|Stjj|�smidd6dj|�d6St||�}dd|d	|g}td
|dt	�}t
jjj
�stj�dkr|rtd
|�}tj||d|d�qnidd6|d6S(u�
    Remove all keys belonging to hostname from a known_hosts file.

    CLI Example:

    .. code-block:: bash

        salt '*' ssh.rm_known_host <user> <hostname>
    uerrorustatusuhostname argument requiredR%Ru#Known hosts file {0} does not existu
ssh-keygenu-Ru-fucmd.runR�iu	user.infouuidugiduremoveducomment(R^RoR�R#R	RqRR�R"RRRR�R�R�R�(	RR�R%R�R:R�R�t
cmd_resultR&((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyt
rm_known_host9s"


!c
$C@s�|sidd6dd6S|dk	rH|tkrH|rHidd6dd6St}
t}t||d|d|d|	�}|r�g|D]}
|
d^q�ng}|r�g|D]}
|
d	^q�ng}|s�t}
nW|r�||kr�t}
n<|r||krt}
n!|dkr-|dkr-t}n|
rM|rMid
d6|d6S|sFt|d|d|d
|d|d|	�}|r�g|D]}
|
d^q�ng}|r�g|D]}
|
d	^q�ng}|s�idd6dd6S|r||kridd6dd6S|rFx/|D]$}||krid
d6|d6SqWqFntd|d|�}t|t�rn|St	j
j|�r�t	j|�j
}t||�}dd|d|g}td|dtdt�j�}tt||��}|r�y�tjjj|d���}tjjjt|��}x%t|dt�D]}||d=q?W|jd�|j�|jtjjj|dt��WdQXWq�ttfk
r�}tdj |���q�Xq�nd}|r�i|d6|d 6|d6g}ng}xn|D]f}|s3|tdgks3d!|dkrEd"j |�}n||d#<d$j |�}|j!|�qWt	j
j"|�}|r�td%|�} ny!t#j$d&|�t	j%|�Wnitk
r&}!|!j&dd'kr�t#j'd(||!j&d�q[|!j&dd)kr[t#j$d*|�q[n5X|r[t	j(|| d+| d,�t	j)|d-�nyAtjjj|d.��#}|jtjjj*|��WdQXWn.ttfk
r�}td/j |���nXtjj+j,�sAt	j-�dkr|rt	j(|| d+| d,�n|r.t	j)||�qAt	j)|d0�n|ri|ritd1d|d|�}"nid2d6|d36|d46}#|#S(5up
    Download SSH public key from remote host "hostname", optionally validate
    its fingerprint against "fingerprint" variable and save the record in the
    known_hosts file.

    If such a record does already exists in there, do nothing.

    user
        The user who owns the ssh authorized keys file to modify

    hostname
        The name of the remote host (e.g. "github.com")

    fingerprint
        The fingerprint of the key which must be present in the known_hosts
        file (optional if key specified)

    key
        The public key which must be presented in the known_hosts file
        (optional if fingerprint specified)

    port
        optional parameter, denoting the port of the remote host, which will be
        used in case, if the public key will be requested from it. By default
        the port 22 is used.

    enc
        Defines what type of key is being used, can be ed25519, ecdsa ssh-rsa
        or ssh-dss

    config
        The location of the authorized keys file relative to the user's home
        directory, defaults to ".ssh/known_hosts". If no user is specified,
        defaults to "/etc/ssh/ssh_known_hosts". If present, must be an
        absolute path when a user is not specified.

    hash_known_hosts : True
        Hash all hostnames and addresses in the known hosts file.

    timeout : int
        Set the timeout for connection attempts.  If ``timeout`` seconds have
        elapsed since a connection was initiated to a host or since the last
        time anything was read from that host, then the connection is closed
        and the host in question considered unavailable.  Default is 5 seconds.

        .. versionadded:: 2016.3.0

    fingerprint_hash_type
        The public key fingerprint hash type that the public key fingerprint
        was originally hashed with. This defaults to ``sha256`` if not specified.

        .. versionadded:: 2016.11.4
        .. versionchanged:: 2017.7.0: default changed from ``md5`` to ``sha256``

    CLI Example:

    .. code-block:: bash

        salt '*' ssh.set_known_host <user> fingerprint='xx:xx:..:xx' enc='ssh-rsa' config='.ssh/known_hosts'
    uerrorustatusuhostname argument requireduKargument port can not be used in conjunction with argument hash_known_hostsR%R�RFukeyufingerprintuexistsukeysRR�R�u"Unable to receive remote host keysu\Remote host public keys found but none of their fingerprints match the one you have providedRu
ssh-keygenu-Fu-fucmd.runR�R�ur+treverseiitto_strNu;Couldn't remove old entry(ies) from known hosts file: '{0}'uhostnameuencu:u{hostname} {enc} {key}
uportu [{hostname}]:{port} {enc} {key}
u	user.infou#Ensuring ssh config dir "%s" existsuPermission deniedu!Unable to create directory %s: %suFile existsu'%s already exists, no need to create ituuidugidi�uabu*Couldn't append to known hosts file: '{0}'i�ussh.hash_known_hostsuupdateduoldunew(.RDtDEFAULT_SSH_PORTRR�RR�R^RoR�R#R	Rqtstattst_modeR�R"R�RpR�RRR(R)R4RRtsortedR�ttruncateR3R6R7RRR.R�RbtdebugR�targsR R�R�R5R�R�R�($RR�RJRR�RR%R�R�RFtupdate_requiredtcheck_requiredtstored_host_entriesR�tstored_keyststored_fingerprintstremote_host_entriesR�R�R:torigmodeR�R�R9tremove_linestofiletknown_hosts_linesR�t	exceptiontentryRtssh_dirR&R=R�R�((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pytset_known_host[s�F

	))						))





&!
(
		&c	C@s|std�}nt|t�s1|g}ni}x�|D]�}i||<td|�}d|krpq>ng}|r�|j|�n%|tk	r�|ddddg7}n|r�|j|�n%|tk	r�|dd	d
dg7}nx�|D]�}|jd�r#tjj|�}|}	n|}d
j	|d|�}	tjj
|	�r�yWtjj
j|	d��9}
djtjjj|
j���j�|||<WdQXWq�ttfk
r�q�Xq�q�Wq>Wi}x)|D]!}||r�||||<q�q�W|S(u�

    Return the user's ssh keys on the minion

    .. versionadded:: 2014.7.0

    CLI Example:

    .. code-block:: bash

        salt '*' ssh.user_keys
        salt '*' ssh.user_keys user=user1
        salt '*' ssh.user_keys user=user1 pubfile=/home/user1/.ssh/id_rsa.pub prvfile=/home/user1/.ssh/id_rsa
        salt '*' ssh.user_keys user=user1 prvfile=False
        salt '*' ssh.user_keys user="['user1','user2'] pubfile=id_rsa.pub prvfile=id_rsa

    As you can see you can tell Salt not to read from the user's private (or
    public) key file by setting the file path to ``False``. This can be useful
    to prevent Salt from publishing private data via Salt Mine or others.
    uuser.list_usersu	user.infouhomeu
id_rsa.pubu
id_dsa.pubuid_ecdsa.pubuid_ed25519.pubuid_rsauid_dsauid_ecdsau
id_ed25519u/u{0}/.ssh/{1}uruN(R"RoRpR.RR-R#R	tbasenameRtexistsRRR(R)RR4RRt	readlinesR,R6R7(RtpubfiletprvfileRiRstuserinfotuserKeysRtkeynameRkR;t_keys((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyt	user_keys8sN

	
	*

cC@std|d|�}t|t�r(|Stjj|�sUidd6dj|�d6Stj|�j}ddd|g}t	d	|d
t
�}tj||�tj
jj�s�tj�dkr�|r�t	d|�}tj||d
|d�q�nidd6|d6S(uI

    Hash all the hostnames in the known hosts file.

    .. versionadded:: 2014.7.0

    user
        hash known hosts of this user

    config
        path to known hosts file: can be absolute or relative to user's home
        directory

    CLI Example:

    .. code-block:: bash

        salt '*' ssh.hash_known_hosts

    R%Ruerrorustatusu#Known hosts file {0} does not existu
ssh-keygenu-Hu-fucmd.runR�iu	user.infouuidugiduupdateducomment(R^RoR�R#R	RqRR�R�R"RR�RRR�R�R�R�(RR%R:R�R�R�R&((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyR��s
!cC@s+|s|tkr|Sdj||�SdS(Nu	[{0}]:{1}(R�R(R�R�((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyR��scC@std|�S(ui
    .. versionadded:: 2015.8.7

    Function to determine whether or not a private key is encrypted with a
    passphrase.

    Checks key for a ``Proc-Type`` header with ``ENCRYPTED`` in the value. If
    found, returns ``True``, otherwise returns ``False``.

    CLI Example:

    .. code-block:: bash

        salt '*' ssh.key_is_encrypted /root/id_rsa
    ussh.key_is_encrypted(t	__utils__(R((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pytkey_is_encrypted�s(Dt__doc__t
__future__RRRRUROtloggingR#R/R�tsalt.utils.decorators.pathRtsalt.utils.datatsalt.utils.filestsalt.utils.pathtsalt.utils.platformtsalt.utils.stringutilstsalt.utils.versionstsalt.exceptionsRRtsalt.extRtsalt.ext.six.movesRt	getLoggert__name__RbR�tPY3RSR
RRR!R'RDR>RKRCR^RRnRtR|RvR�R�R�R�R�R�Rt
decoratorsR	R
R�R�R�R�R�R�R�R�R�R�R�(((s4/usr/lib/python2.7/site-packages/salt/modules/ssh.pyt<module>
s�						)	:	0;+(-2L9c	5@."�Q)
