Adding the ability to retrieve user ssh keys from minions for all users or a particular user.

2024-11-07 17:09:03 +00:00 · 2014-04-30 18:19:27 -07:00 · 2014-04-30 18:19:27 -07:00 · f52fefbc1c
commit f52fefbc1c
parent 54e3c8de29
1 changed files with 75 additions and 0 deletions
--- a/salt/modules/ssh.py
+++ b/salt/modules/ssh.py
@ -756,3 +756,78 @@ def set_known_host(user, hostname,
    if os.geteuid() == 0:
        os.chown(full, uinfo['uid'], uinfo['gid'])
    return {'status': 'updated', 'old': stored_host, 'new': remote_host}
 def user_keys(user=None, pubfile=None, prvfile=None):
    '''
    Return the user's ssh keys on the minion
    CLI Example:
    .. code-block:: bash
        salt '*' ssh.user_keys
        salt '*' ssh.user_keys user=user1
        salt '*' ssh.user_keys user=user1 \
                pubfile=/home/user1/.ssh/id_rsa.pub
                prvfile=/home/user1/.ssh/id_rsa
        salt '*' ssh.user_keys user="['user1','user2'] \
                pubfile=id_rsa.pub prvfile=id_rsa
    '''
    if not user:
        user = __salt__['user.list_users']()
    if not isinstance(user, list):
        # only one so convert to list
        user = [user]
    keys = {}
    for u in user:
        keys[u] = {}
        userinfo = __salt__['user.info'](u)
        if not 'home' in userinfo:
            # no home directory, skip
            continue
        userKeys = []
        if pubfile:
            userKeys.append(pubfile)
        else:
            # Add the default public keys
            userKeys += ['id_rsa.pub', 'id_dsa.pub']
        if prvfile:
            userKeys.append(prvfile)
        else:
            # Add the default private keys
            userKeys += ['id_rsa', 'id_dsa']
        for key in userKeys:
            if key.startswith('/'):
                keyname = os.path.basename(key)
                fn_ = key
            else:
                # if not full path, assume key is in .ssh
                # in user's home directory
                keyname = key
                fn_ = '{0}/.ssh/{1}'.format(userinfo['home'], key)
            if os.path.exists(fn_):
                try:
                    with salt.utils.fopen(fn_, 'r') as _fh:
                        keys[u][keyname] = ''.join(_fh.readlines())
                except (IOError, OSError):
                    pass
    # clean up any empty items
    _keys = {}
    for key in keys:
        if keys[key]:
            _keys[key] = keys[key]
    return _keys