Class: OpenNebula::SshAuth

Inherits:
Object
Defined in:
lib/opennebula/ssh_auth.rb

Overview

SSH key authentication class. It can be used as a driver for auth_mad, as the auth method is defined. It also holds some helper methods to be used by the oneauth command.

Constant Summary

LOGIN_PATH = ENV['HOME']+'/.one/one_ssh'


Constructor Details

#initialize(options = {}) ⇒ SshAuth

Initialize SshAuth object

Parameters:

  • default (Hash)

    options for path

  • options (Hash) (defaults to: {})

    a customizable set of options

Options Hash (options):

  • :public_key (String)

    public key for the user

  • :private_key (String)

    private key for the user.



# File 'lib/opennebula/ssh_auth.rb', line 36

def initialize(options={})
    @private_key = nil
    @public_key  = nil

    # Initialize the private key
    if options[:private_key]
        begin
            @private_key = File.read(options[:private_key])
        rescue Exception => e
            raise "Cannot read #{options[:private_key]}"
        end

        @private_key_rsa = OpenSSL::PKey::RSA.new(@private_key)
    end

    # Initialize the public key
    if options[:public_key]
        @public_key = options[:public_key]
    elsif @private_key != nil
        # Init ssh keys using private key. public key is extracted in a
        # format compatible with openssl. The public key does not contain
        # "---- BEGIN/END PUBLIC KEY ----" and is in a single line
        @public_key = @private_key_rsa.public_key.to_pem.split("\n")
        @public_key = @public_key.reject {|l| l.match(/PUBLIC KEY/) }.join('')
    end

    if @private_key.nil? && @public_key.nil?
        raise "You have to define at least one of the keys"
    end

    @public_key_rsa = OpenSSL::PKey::RSA.new(Base64::decode64(@public_key))
end

Instance Method Details

#authenticate(user, token) ⇒ Object

Checks the proxy created with the login method. Returns true on success and an error message String otherwise.



# File 'lib/opennebula/ssh_auth.rb', line 107

def authenticate(user, token)
    begin
        token_plain = decrypt(token)
        _user, time = token_plain.split(':')

        if user == _user
            if Time.now.to_i >= time.to_i
                return "ssh proxy expired, login again to renew it"
            else
                return true
            end
        else
            return "invalid credentials"
        end
    rescue
        return "error"
    end
end

#login(user, expire = 3600) ⇒ Object

Creates the login file for ssh authentication at ~/.one/one_ssh. By default it is valid for 1 hour, but this can be changed to any number of seconds with the expire parameter.



# File 'lib/opennebula/ssh_auth.rb', line 72

def login(user, expire=3600)
    expire ||= 3600

    # Init proxy file path and creates ~/.one directory if needed
    proxy_dir = File.dirname(LOGIN_PATH)

    begin
        FileUtils.mkdir_p(proxy_dir)
    rescue Errno::EEXIST
    end

    # Generate security token
    time = Time.now.to_i + expire.to_i

    secret_plain   = "#{user}:#{time}"
    secret_crypted = encrypt(secret_plain)

    proxy = "#{user}:#{secret_crypted}"

    file = File.open(LOGIN_PATH, "w")
    file.write(proxy)
    file.close

    File.chmod(0600,LOGIN_PATH)

    secret_crypted
end
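
The token flow that login and authenticate implement, as an added example that is not OpenNebula's own code. It assumes encrypt and decrypt (not shown on this page) are RSA private_encrypt and public_decrypt with Base64 encoding; the helper names, key pairs, user names and timestamps are constructed for illustration.

```ruby
require 'openssl'
require 'base64'

# Same derivation as initialize: PEM body without BEGIN/END lines, one line.
def public_key_line(rsa)
  rsa.public_key.to_pem.split("\n").reject { |l| l.match(/PUBLIC KEY/) }.join
end

# Assumption: encrypt is RSA private_encrypt plus single-line Base64.
def issue_token(rsa, user, expire = 3600, now = Time.now.to_i)
  Base64.strict_encode64(rsa.private_encrypt("#{user}:#{now + expire.to_i}"))
end

# Mirrors authenticate: true on success, otherwise a (truthy) String.
# Assumption: decrypt is Base64 decode plus RSA public_decrypt.
def check_token(public_line, user, token, now = Time.now.to_i)
  pub = OpenSSL::PKey::RSA.new(Base64.decode64(public_line))
  token_user, time = pub.public_decrypt(Base64.decode64(token)).split(':')
  return 'invalid credentials' unless user == token_user
  return 'ssh proxy expired, login again to renew it' if now >= time.to_i

  true
rescue StandardError
  'error'
end

# Constructed sample data: throwaway key pairs, user names and timestamps.
KEY       = OpenSSL::PKey::RSA.new(2048)
OTHER_KEY = OpenSSL::PKey::RSA.new(2048)
PUB       = public_key_line(KEY)
TOKEN     = issue_token(KEY, 'alice', 3600, 1_000) # expires at t = 4600
FOREIGN   = issue_token(OTHER_KEY, 'alice', 3600, 1_000)
COLON     = issue_token(KEY, 'a:b', 3600, 1_000)

{
  'valid token'         => check_token(PUB, 'alice', TOKEN, 2_000),
  'wrong user'          => check_token(PUB, 'bob', TOKEN, 2_000),
  'at expiry time'      => check_token(PUB, 'alice', TOKEN, 4_600),
  'made with other key' => check_token(PUB, 'alice', FOREIGN, 2_000),
  "':' in user name"    => check_token(PUB, 'a:b', COLON, 2_000)
}.each { |label, result| puts "#{label}: #{result.inspect} (accept: #{result == true})" }
```

Every failure value is a String, which is truthy in Ruby, so a caller has to test `result == true` rather than `if result`. A user name containing ':' is always rejected because the plaintext is split on ':'.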

#password ⇒ Object

Returns a valid password string to create a user using this auth driver. In this case the ssh public key.



# File 'lib/opennebula/ssh_auth.rb', line 102

def password
    @public_key
end