From f666cdde286000ac5f49ef2c2f62091d3c1d5aa3 Mon Sep 17 00:00:00 2001 From: Stefan Priebe Date: Wed, 31 Oct 2012 12:27:34 +0100 Subject: [PATCH] added setup_rootsshconfig to create initial ssh config for user root Signed-off-by: Stefan Priebe --- data/PVE/Cluster.pm | 14 ++++++++++++++ data/PVE/pvecm | 2 ++ 2 files changed, 16 insertions(+) diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm index 624d1e8..9f251ba 100644 --- a/data/PVE/Cluster.pm +++ b/data/PVE/Cluster.pm @@ -51,6 +51,7 @@ my $sshglobalknownhosts = "/etc/ssh/ssh_known_hosts"; my $sshknownhosts = "/etc/pve/priv/known_hosts"; my $sshauthkeys = "/etc/pve/priv/authorized_keys"; my $rootsshauthkeys = "/root/.ssh/authorized_keys"; +my $rootsshconfig = "/root/.ssh/config"; my $observed = { 'vzdump.cron' => 1, @@ -1030,6 +1031,19 @@ sub ssh_merge_keys { PVE::Tools::file_set_contents($sshauthkeys, $newdata, 0600); } +sub setup_rootsshconfig { + + # create ssh config if it does not exist + if (! -f $rootsshconfig) { + mkdir '/root/.ssh' if ( !-e '/root/.ssh' ); + if (my $fh = IO::File->new ($rootsshconfig, O_CREAT|O_WRONLY|O_EXCL, 0640)) { + # this is the default ciphers list from debian openssl0.9.8 except blowfish is added as prefered + print $fh "Ciphers blowfish,aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc\n"; + close($fh); + } + } +} + sub setup_ssh_keys { # create ssh key if it does not exist diff --git a/data/PVE/pvecm b/data/PVE/pvecm index bb7e2c8..50593a6 100755 --- a/data/PVE/pvecm +++ b/data/PVE/pvecm @@ -169,6 +169,7 @@ __PACKAGE__->register_method ({ -f $clusterconf && die "cluster config '$clusterconf' already exists\n"; + PVE::Cluster::setup_rootsshconfig(); PVE::Cluster::setup_ssh_keys(); -f $authfile || __PACKAGE__->keygen({filename => $authfile}); @@ -367,6 +368,7 @@ __PACKAGE__->register_method ({ code => sub { my ($param) = @_; + PVE::Cluster::setup_rootsshconfig(); PVE::Cluster::setup_ssh_keys(); my $host = $param->{hostname}; -- 2.39.5