x[h+ %SrSSKrSSKrSSKrSSKrSSKrSSKJrJrJ r SSK J r J r J r Jr SSKJr SSKJr SSKJr SSKJrJr SS KJr S \/\/S .r\\S '\R8"\5r/S QrS/r Sr!Sr"/r#\\$\S'0r%0r&\HCr'\%RQ\'S3\!\'-S4\'S3\!\'-S3S4\'S3\!\'-S3S405 \'S3\&\'S3'ME Sr)S\$SS4Sjr*S\$S\S\S \+SS4 S!jr,S"r-S%S#\\ \$4S$jjr.g)&zSSH: Configure SSH and SSH keysN)ListOptionalSequence) lifecyclessh_utilsubputil)Cloud)Config) MetaSchema) ALL_DISTROSug_util) PER_INSTANCEcc_ssh)iddistros frequencyactivate_by_schema_keysmeta)rsaecdsaed25519rz/etc/ssh/ssh_host_%s_keyTHOST_KEY_PUBLISH_BLACKLIST_private_public.pub _certificatez -cert.pubz;o=$(ssh-keygen -yf "%s") && echo "$o" root@localhost > "%s"keyfilereturncHSn[R"5nU(aU[R"SS5:aSnOSn[R "S5nUS:wa[ R"USU5 [ R"X5 [ R"US3U5 g ) a For fedora 37, centos 9 stream and below: - sshd version is earlier than version 9. - 'ssh_keys' group is present and owns the private keys. - private keys have permission 0o640. For fedora 38, centos 10 stream and above: - ssh version is atleast version 9. - 'ssh_keys' group is absent. 'root' group owns the keys. - private keys have permission 0o600, same as upstream. Public keys in all cases have permission 0o644. r rirssh_keysrN) rget_opensshd_upstream_versionrVersionr get_group_idoschownchmod)r permissions_public ssh_versionpermissions_privategids 9/usr/lib/python3/dist-packages/cloudinit/config/cc_ssh.pyset_redhat_keyfile_permsr1=s88:K{Y%6%6q!%<< $$   J 'C by "c"HHW*HHy 12namecfgcloudargsc j URSS5(aT[RRSS5n[R"U5Hn[ R "U5 M SU;Gap/nUSR5HupxU[;a9[R"SU5(aSn OS n [RS X5 MH[US n [US n [ R"XU 5 S U;dMUR!S[#U 545 M U(a[$R&"U5 [(R5HupXS;dXS;aM[U S [U S pSS[*X4-/n[ R,"SSS9 [.R."USS9 SSS5 [R1SX5 M GO[ R2"US[45n[ R6"5(dUOUVs/sHnU[8;dMUPM snn[;U5R=U5nU(a%[R1SSRU55 UGHn[>U-n[RRAU5(aM3[ RB"[RREU55 SSUSSSU/n[ R,"SSS9 [.R."USS S!0S"9unn[ RF"US#S5(d3[HRJRM[ RN"U55 URPRRS$:Xa [UU5 SSS5 GM! S(U;a?[ R2"US(S)[`5n[ RF"US(S*[b5nO [`n[bnU(a%[eUS+9nURfRiU5 [jRl"XRP5unn[jRn"U5unn [ RF"US-S5n![ Rp"US.[$Rr5n"/n#[ RF"US/S5(aURu5=(d /n#O[R1S05 S1U;aUS1n$U#RwU$5 [yU#UU!U"5 g![a! [ R"[SU5 GMf=f!,(df  GN=f![a& [ R"[SUSU35 GM-f=fs snf![.RVan[ RN"URX5R[5nUR\S :Xa@UR[5R_S%5(a[R1S&U5 SnAGN[ R"[S'UU5 SnAGNSnAff=f!,(df  GM=f![a [ R"[S,5 GNdf=f![a [ R"[S25 gf=f)3Nssh_deletekeysTz /etc/ssh/zssh_host_*key*zFailed deleting key file %sr$z4^(ecdsa-sk|ed25519-sk)_(private|public|certificate)$ unsupported unrecognizedz Skipping %s ssh_keys entry: "%s"rrHostCertificateshz-xcz/etc/ssh) recursiveF)capturezGenerated a key for %s from %szFailed generating a key for z from ssh_genkeytypesz5skipping keys that are not supported in fips mode: %s,z ssh-keygenz-tz-Nz-fLANGC)r? update_envssh_quiet_keygenredhatz unknown keyz!ssh-keygen: unknown key type '%s'z(Failed generating key type %s to file %sssh_publish_hostkeys blacklistenabled)rIzPublishing host keys failed! disable_rootdisable_root_optsallow_public_ssh_keyszSSkipping import of publish SSH keys per config setting: allow_public_ssh_keys=Falsessh_authorized_keysz Applying SSH credentials failed!)=getr)pathjoinglobr del_file ExceptionlogexcLOGitemsCONFIG_KEY_TO_FILErematchwarning write_fileappendstrrappend_ssh_config PRIV_TO_PUB KEY_GEN_TPL SeLinuxGuardrdebugget_cfg_option_listGENERATE_KEY_NAMES fips_enabledFIPS_UNSUPPORTED_KEY_NAMESset difference KEY_FILE_TPLexists ensure_dirdirnameget_cfg_option_boolsysstdoutwrite decode_binarydistroosfamilyr1ProcessExecutionErrorstderrlower exit_code startswithrPUBLISH_HOST_KEYSget_public_host_keys datasourcepublish_host_keysrnormalize_users_groupsextract_defaultget_cfg_option_strDISABLE_USER_OPTSget_public_ssh_keysextendapply_credentials)%r3r4r5r6key_pthf cert_configkeyvalreasontgt_fn tgt_perms private_type public_type private_file public_filecmdgenkeysnames key_names skipped_keyskeytyper outerrehost_key_blacklistpublish_hostkeyshostkeysusers_groupsuser _user_configrKrLkeyscfgkeyss% r0handleras ww&&'',,{,<=7#A C a $ S J--/HC,,88JC+F+F >L',Q/F*3/2I OOF 3$""$5s6{#CD0"   & &{ 3)4):):)< %L:.:6"<03";/2& |.I IJC &&zTBIIc51C 4k*=4** "$6  $$&& %$E ::$ 7|..y9  IIG&  !G"g.Gww~~g&& OOBGGOOG4 5wb$HC"":>#yyTvsm HC 33/ ((););C)@A||,,809?>!D$!55 & '  &   33 & '4E 8,'2DE =    . .x 8="99#||L&66u=|//^TJ  33 $h&@&@   # #C)@$ G G,,.4"D II>  !C '/0G KK $l4EFg C C!>BB CNCB   2"m6,9 B11 ,,QXX6<<>C{{a'CIIK,B,B%-- "EwOO F##  ?>V = KK; < =2 = C;<=sTU)U?UV 1V Y BVY#C2Z &UU U U+VVY"A8YY  Y=Y YY  Y %ZZ %Z21Z2c[U5nU(a[R"X5 U(a.U(dSnURSU5nURSS5nOSn[R"USUS9 g)NNONEz$USERz $DISABLE_USERrootrB)options)rhrsetup_user_keysreplace)rrrKrL key_prefixs r0rrsb t9D   ,D&..w= ''@   T6:>r2rIc[<S3n/n/nU(aUVs/sHoAU4-PM nn[R"US-5Vs/sH nXS;dM UPM nnUH`n[R"U5nUR 5n U (dM2[ U 5S:dMCUR [U SS55 Mb U$s snfs snf)aRead host keys from /etc/ssh/*.pub files and return them as a list. @param blacklist: List of key types to ignore. e.g. ['rsa'] @returns: List of keys, each formatted as a two-element tuple. e.g. [('ssh-rsa', 'AAAAB3Nz...'), ('ssh-ed25519', 'AAAAC3Nx...')] r)*r;N)rjrRr load_text_filesplitlenr]tuple) rIpublic_key_file_tmplkey_listblacklist_fileskey_typehostfile file_list file_name file_contentskey_datas r0r{r{s(45HO@I ?H8H; .y   "6"?@@H  * @ ++I6  &&( 8H ) OOE(2A,/ 0  O# sC CC)N)/__doc__rRloggingr)rYrotypingrrr cloudinitrrrr cloudinit.cloudr cloudinit.configr cloudinit.config.schemar cloudinit.distrosr rcloudinit.settingsrr__annotations__ getLogger__name__rVrergrjrzrr^rXr`kupdaterar1listrrr{r2r0rs&  ++55!#.2+ }! j!0'[) (*DI* AcN\A-u5cM|a/05u=c L1$4#5Y!? G &'Cw-K1#X L !3c!3d!3H]=]=6]=%]=t]=]=@?"HXc]$;r2