Class: OpenNebula::SshAuth
- Inherits:
-
Object
- Object
- OpenNebula::SshAuth
- Defined in:
- lib/opennebula/ssh_auth.rb
Overview
SSH key authentication class. It can be used as a driver for auth_mad as auth method is defined. It also holds some helper methods to be used by oneauth command
Instance Method Summary collapse
-
#authenticate(user, token) ⇒ Object
Checks the proxy created with the login method.
-
#initialize(options = {}) ⇒ SshAuth
constructor
Initialize SshAuth object.
-
#login_token(user, expire = 3600) ⇒ Object
Creates a login token for ssh authentication.
-
#password ⇒ Object
Returns a valid password string to create a user using this auth driver.
Constructor Details
#initialize(options = {}) ⇒ SshAuth
Initialize SshAuth object
34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
# File 'lib/opennebula/ssh_auth.rb', line 34 def initialize(={}) @private_key = nil @public_key = nil # Initialize the private key if [:private_key] begin @private_key = File.read([:private_key]) rescue Exception => e raise "Cannot read #{[:private_key]}" end @private_key_rsa = OpenSSL::PKey::RSA.new(@private_key) end # Initialize the public key if [:public_key] @public_key = [:public_key] elsif @private_key != nil # Init ssh keys using private key. public key is extracted in a # format compatible with openssl. The public key does not contain # "---- BEGIN/END PUBLIC KEY ----" and is in a single line @public_key = @private_key_rsa.public_key.to_pem.split("\n") @public_key = @public_key.reject {|l| l.match(/PUBLIC KEY/) }.join('') end if @private_key.nil? && @public_key.nil? raise "You have to define at least one of the keys" end @public_key_rsa = OpenSSL::PKey::RSA.new(Base64::decode64(@public_key)) end |
Instance Method Details
#authenticate(user, token) ⇒ Object
Checks the proxy created with the login method
83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 |
# File 'lib/opennebula/ssh_auth.rb', line 83 def authenticate(user, token) begin token_plain = decrypt(token) _user, time = token_plain.split(':') if user == _user if Time.now.to_i >= time.to_i return "ssh proxy expired, login again to renew it" else return true end else return "invalid credentials" end rescue return "error" end end |
#login_token(user, expire = 3600) ⇒ Object
Creates a login token for ssh authentication. By default it is valid for 1 hour but it can be changed to any number of seconds with expire parameter (in seconds)
70 71 72 73 74 |
# File 'lib/opennebula/ssh_auth.rb', line 70 def login_token(user, expire=3600) expire ||= 3600 return encrypt("#{user}:#{Time.now.to_i + expire.to_i}") end |
#password ⇒ Object
Returns a valid password string to create a user using this auth driver. In this case the ssh public key.
78 79 80 |
# File 'lib/opennebula/ssh_auth.rb', line 78 def password @public_key end |