geo-rep: Add support for non standard AuthorizedKeysFile location

In /etc/ssh/sshd_config, AuthorizedKeysFile can be customized using %u and %h variables, %u will be replaced by user name and %h will be replaced by home dir name. Default location is .ssh/authorized_keys For example, AuthorizedKeysFile .ssh/authorized_keys AuthorizedKeysFile %h/.my_secret_dir/authorized_keys AuthorizedKeysFile /etc/ssh/keys/%u/authorized_keys PS: Support only added for %h and %u in sshd_config BUG: 1181117 Signed-off-by: Aravinda VK <avishwan@redhat.com> Change-Id: Ic6ba20f9d202762dfdb6d0c73ea42e7f7c64e177 Reviewed-on: http://review.gluster.org/9436 Reviewed-by: Kotresh HR <khiremat@redhat.com> Reviewed-by: Venky Shankar <vshankar@redhat.com> Tested-by: Venky Shankar <vshankar@redhat.com>
2015-01-12 17:59:16 +05:30 · 2015-01-12 17:59:16 +05:30 · 633cc5aea1
commit 633cc5aea1
parent 1226083d0f
1 changed files with 32 additions and 9 deletions
--- a/geo-replication/src/peer_add_secret_pub.in
+++ b/geo-replication/src/peer_add_secret_pub.in
@ -26,16 +26,39 @@ if [ "$home_dir" == "" ]; then
    exit 1;
 fi

-if [ ! -d $home_dir/.ssh ]; then
-    mkdir $home_dir/.ssh;
-    chmod 700 $home_dir/.ssh;
-    chown $user: $home_dir/.ssh;
+authorized_keys_file=$(cat /etc/ssh/sshd_config | \
+                              grep -e "^AuthorizedKeysFile" | \
+                              awk '{print $2}' | tail -1);
+
+# If not set, use default location
+if [ "x$authorized_keys_file" == "x" ]; then
+    authorized_keys_file="%h/.ssh/authorized_keys"
 fi

-if [ ! -d $home_dir/.ssh/authorized_keys ]; then
-    touch $home_dir/.ssh/authorized_keys;
-    chmod 600 $home_dir/.ssh/authorized_keys;
-    chown $user: $home_dir/.ssh/authorized_keys;
+# If default location
+if [ "$authorized_keys_file" == ".ssh/authorized_keys" ]; then
+    authorized_keys_file="%h/$authorized_keys_file"
 fi

-cat "$GLUSTERD_WORKDIR"/geo-replication/${mastervol}_${slavevol}_common_secret.pem.pub >> $home_dir/.ssh/authorized_keys;
+# Replace %u with user name (ex: /etc/ssh/keys/%u/authorized_keys)
+authorized_keys_file="${authorized_keys_file//%u/$user}";
+
+# Replace %h with home dir (ex: %h/.ssh/authorized_keys)
+authorized_keys_file="${authorized_keys_file//%h/$home_dir}";
+ssh_dir=$(dirname $authorized_keys_file);
+
+if [ ! -d $ssh_dir ]; then
+    mkdir $ssh_dir;
+    chmod 700 $ssh_dir;
+    chown $user: $ssh_dir;
+fi
+
+if [ ! -d $authorized_keys_file ]; then
+    touch $authorized_keys_file;
+    chmod 600 $authorized_keys_file;
+    chown $user: $authorized_keys_file;
+fi
+
+pub_file=${mastervol}_${slavevol}_common_secret.pem.pub
+cat "$GLUSTERD_WORKDIR"/geo-replication/$pub_file >> \
+    $authorized_keys_file;