aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorelijah <elijah@riseup.net>2014-03-19 15:06:20 -0700
committerelijah <elijah@riseup.net>2014-03-19 15:06:20 -0700
commitbf3f301678a38d7436635db5fdc1e669c31da231 (patch)
tree3da62e9210db914c3ec40d53e2c6cebb7c962732 /lib
parentb4407890476324742e560c3dcb6bda251f2fec12 (diff)
downloadleap_cli-bf3f301678a38d7436635db5fdc1e669c31da231.tar.gz
leap_cli-bf3f301678a38d7436635db5fdc1e669c31da231.tar.bz2
yep, another attempt to fix ssh. (now authorized_keys2 is set to insecure vagrant key)
Diffstat (limited to 'lib')
-rw-r--r--lib/leap_cli/commands/node.rb5
-rw-r--r--lib/leap_cli/remote/tasks.rb20
2 files changed, 9 insertions, 16 deletions
diff --git a/lib/leap_cli/commands/node.rb b/lib/leap_cli/commands/node.rb
index fdd1fa8..b554c1f 100644
--- a/lib/leap_cli/commands/node.rb
+++ b/lib/leap_cli/commands/node.rb
@@ -64,10 +64,9 @@ module LeapCli; module Commands
ssh_connect_options = connect_options(options).merge({:bootstrap => true, :echo => options[:echo]})
ssh_connect(node, ssh_connect_options) do |ssh|
if node.vagrant?
- ssh.install_authorized_keys2
- else
- ssh.install_authorized_keys
+ ssh.install_insecure_vagrant_key
end
+ ssh.install_authorized_keys
ssh.install_prerequisites
ssh.leap.capture(facter_cmd) do |response|
if response[:exitcode] == 0
diff --git a/lib/leap_cli/remote/tasks.rb b/lib/leap_cli/remote/tasks.rb
index 9f24599..21a6cc6 100644
--- a/lib/leap_cli/remote/tasks.rb
+++ b/lib/leap_cli/remote/tasks.rb
@@ -13,26 +13,20 @@ task :install_authorized_keys, :max_hosts => MAX_HOSTS do
end
#
-# for vagrant nodes, we don't overwrite authorized_keys, because we want to keep the insecure vagrant key.
-# instead we install to authorized_keys2, which is also used by sshd.
+# for vagrant nodes, we install insecure vagrant key to authorized_keys2, since deploy
+# will overwrite authorized_keys.
#
-# why?
-# without it, it might be impossible to re-initialize a node.
-#
-# ok, why is that?
-# when we init a vagrant node, we force it to use the insecure vagrant key, and not the user's keys
-# (so re-initialization would be impossible if authorized_keys doesn't include insecure key).
-#
-# ok, why force the insecure vagrant key in the first place?
+# why force the insecure vagrant key?
# if we don't do this, then first time initialization might fail if the user has many keys
# (ssh will bomb out before it gets to the vagrant key).
# and it really doesn't make sense to ask users to pin the insecure vagrant key in their
# .ssh/config files.
#
-task :install_authorized_keys2, :max_hosts => MAX_HOSTS do
- leap.log :updating, "authorized_keys2" do
+task :install_insecure_vagrant_key, :max_hosts => MAX_HOSTS do
+ leap.log :installing, "insecure vagrant key" do
leap.mkdirs '/root/.ssh'
- upload LeapCli::Path.named_path(:authorized_keys), '/root/.ssh/authorized_keys2', :mode => '600'
+ key_file = File.expand_path('../../../vendor/vagrant_ssh_keys/vagrant.pub', File.dirname(__FILE__))
+ upload key_file, '/root/.ssh/authorized_keys2', :mode => '600'
end
end