Class: OpenNebula::SshAuth
- Inherits: Object
  - Object
  - OpenNebula::SshAuth
- Defined in: lib/opennebula/ssh_auth.rb
Overview
SSH key authentication class. It can be used as a driver for auth_mad, since an auth method is defined. It also holds some helper methods used by the oneauth command.
Constant Summary
- LOGIN_PATH = ENV['HOME']+'/.one/one_ssh'
Instance Method Summary
- #authenticate(user, token) ⇒ Object
  Checks the proxy created with the login method.
- #initialize(options = {}) ⇒ SshAuth (constructor)
  Initialize SshAuth object.
- #login(user, expire = 3600) ⇒ Object
  Creates the login file for ssh authentication at ~/.one/one_ssh.
- #password ⇒ Object
  Returns a valid password string to create a user using this auth driver.
Constructor Details
#initialize(options = {}) ⇒ SshAuth
Initialize SshAuth object
    # File 'lib/opennebula/ssh_auth.rb', line 36

    def initialize(options={})
        @private_key = nil
        @public_key  = nil

        # Initialize the private key
        if options[:private_key]
            begin
                @private_key = File.read(options[:private_key])
            rescue Exception => e
                raise "Cannot read #{options[:private_key]}"
            end

            @private_key_rsa = OpenSSL::PKey::RSA.new(@private_key)
        end

        # Initialize the public key
        if options[:public_key]
            @public_key = options[:public_key]
        elsif @private_key != nil
            # Init ssh keys using private key. public key is extracted in a
            # format compatible with openssl. The public key does not contain
            # "---- BEGIN/END PUBLIC KEY ----" and is in a single line
            @public_key = @private_key_rsa.public_key.to_pem.split("\n")
            @public_key = @public_key.reject {|l| l.match(/PUBLIC KEY/) }.join('')
        end

        if @private_key.nil? && @public_key.nil?
            raise "You have to define at least one of the keys"
        end

        @public_key_rsa = OpenSSL::PKey::RSA.new(Base64::decode64(@public_key))
    end
Instance Method Details
#authenticate(user, token) ⇒ Object
Checks the proxy created with the login method
    # File 'lib/opennebula/ssh_auth.rb', line 107

    def authenticate(user, token)
        begin
            token_plain = decrypt(token)
            _user, time = token_plain.split(':')

            if user == _user
                if Time.now.to_i >= time.to_i
                    return "ssh proxy expired, login again to renew it"
                else
                    return true
                end
            else
                return "invalid credentials"
            end
        rescue
            return "error"
        end
    end
#login(user, expire = 3600) ⇒ Object
Creates the login file for ssh authentication at ~/.one/one_ssh. By default it is valid for 1 hour, but this can be changed to any number of seconds with the expire parameter.
    # File 'lib/opennebula/ssh_auth.rb', line 72

    def login(user, expire=3600)
        expire ||= 3600

        # Init proxy file path and creates ~/.one directory if needed
        proxy_dir = File.dirname(LOGIN_PATH)

        begin
            FileUtils.mkdir_p(proxy_dir)
        rescue Errno::EEXIST
        end

        # Generate security token
        time = Time.now.to_i + expire.to_i

        secret_plain   = "#{user}:#{time}"
        secret_crypted = encrypt(secret_plain)

        proxy = "#{user}:#{secret_crypted}"

        file = File.open(LOGIN_PATH, "w")
        file.write(proxy)
        file.close

        File.chmod(0600,LOGIN_PATH)

        secret_crypted
    end
#password ⇒ Object
Returns a valid password string to create a user using this auth driver. In this case the ssh public key.
    # File 'lib/opennebula/ssh_auth.rb', line 102

    def password
        @public_key
    end
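
The token flow that #login and #authenticate implement, as an added Ruby example that is not OpenNebula's own code. It assumes encrypt/decrypt (not shown on this page) are RSA private-key encryption and public-key decryption with Base64; the names make_token, authenticated?, demo and the now parameter are hypothetical. It shows that every failure result of authenticate is a truthy String, so callers must compare the result against true.

```ruby
require 'openssl'

# Assumption: encrypt/decrypt are not shown on this page. They are modelled
# here as RSA private-key encryption and public-key decryption of the token,
# Base64-encoded on one line (pack('m0')).
def encrypt(rsa_private, plain)
  [rsa_private.private_encrypt(plain)].pack('m0')
end

def decrypt(rsa_public, token)
  rsa_public.public_decrypt(token.unpack1('m'))
end

# Token layout used by #login: "user:expiry_epoch", then encrypted.
# `now` is a hypothetical parameter added so the demo is deterministic.
def make_token(rsa_private, user, expire = 3600, now = Time.now.to_i)
  encrypt(rsa_private, "#{user}:#{now + expire.to_i}")
end

# Same checks and return values as #authenticate on this page.
def authenticate(rsa_public, user, token, now = Time.now.to_i)
  token_user, time = decrypt(rsa_public, token).split(':')
  return 'invalid credentials' unless user == token_user
  return 'ssh proxy expired, login again to renew it' if now >= time.to_i

  true
rescue StandardError
  'error'
end

# Only the literal true means success; failure values are truthy Strings.
def authenticated?(result)
  result == true
end

KEY = OpenSSL::PKey::RSA.new(2048) # constructed throwaway key pair
PUB = OpenSSL::PKey::RSA.new(KEY.public_key.to_der) # public half only

def demo
  token = make_token(KEY, 'alice', 3600, 1_000) # expires at epoch 4600
  { valid:      authenticate(PUB, 'alice', token, 2_000),
    expired:    authenticate(PUB, 'alice', token, 4_600),
    wrong_user: authenticate(PUB, 'bob', token, 2_000),
    garbage:    authenticate(PUB, 'alice', 'not-a-token', 2_000) }
end

demo.each { |k, r| puts "#{k}: #{r.inspect} -> #{authenticated?(r)}" }
```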