class OpenNebula::SshAuth
SSH key authentication class. It can be used as a driver for auth_mad, since it defines the authentication method. It also holds some helper methods used by the oneauth command.
Public Class Methods
Initialize SshAuth object
@param [Hash] default options for path
@option options [String] :public_key public key for the user
@option options [String] :private_key path to the private key file for the user

# File lib/opennebula/ssh_auth.rb, line 34
def initialize(options={})
    @private_key = nil
    @public_key = nil

    # Initialize the private key
    if options[:private_key]
        begin
            @private_key = File.read(options[:private_key])
        rescue Exception => e
            raise "Cannot read #{options[:private_key]}"
        end

        @private_key_rsa = OpenSSL::PKey::RSA.new(@private_key)
    end

    # Initialize the public key
    if options[:public_key]
        @public_key = options[:public_key]
    elsif @private_key != nil
        # Init ssh keys using private key. public key is extracted in a
        # format compatible with openssl. The public key does not contain
        # "---- BEGIN/END PUBLIC KEY ----" and is in a single line
        @public_key = @private_key_rsa.public_key.to_pem.split("\n")
        @public_key = @public_key.reject {|l| l.match(/PUBLIC KEY/) }.join('')
    end

    if @private_key.nil? && @public_key.nil?
        raise "You have to define at least one of the keys"
    end

    @public_key_rsa = OpenSSL::PKey::RSA.new(Base64::decode64(@public_key))
end
Public Instance Methods
Checks the proxy created with the login method
# File lib/opennebula/ssh_auth.rb, line 83
def authenticate(user, token)
    begin
        token_plain = decrypt(token)
        _user, time = token_plain.split(':')

        if user == _user
            if Time.now.to_i >= time.to_i
                return "ssh proxy expired, login again to renew it"
            else
                return true
            end
        else
            return "invalid credentials"
        end
    rescue
        return "error"
    end
end

Creates a login token for ssh authentication. By default it is valid for 1 hour, but the expire parameter can set the validity to any number of seconds.

# File lib/opennebula/ssh_auth.rb, line 70
def login_token(user, expire=3600)
    expire ||= 3600

    return encrypt("#{user}:#{Time.now.to_i + expire.to_i}")
end
Returns a valid password string to create a user using this auth driver. In this case the ssh public key.
# File lib/opennebula/ssh_auth.rb, line 78
def password
    @public_key
end
Private Instance Methods
Decrypts base 64 encoded data with pub_key (public key)
# File lib/opennebula/ssh_auth.rb, line 114
def decrypt(data)
    @public_key_rsa.public_decrypt(Base64::decode64(data))
end
Methods to handle ssh keys
Encrypts data with the private key of the user and returns base 64 encoded output in a single line
# File lib/opennebula/ssh_auth.rb, line 109
def encrypt(data)
    Base64::encode64(@private_key_rsa.private_encrypt(data)).gsub!(/\n/, '').strip
end
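
The token round trip described by login_token, encrypt, decrypt and authenticate, as a stand-alone added example; it is not OpenNebula's code. The helper names (public_key_string, make_token, check_token), the symbol results, the fixed timestamp T0 and the in-memory keys are assumptions, and Base64 is done with pack('m0') / unpack1('m') instead of the Base64 module.

```ruby
require 'openssl'

# Constructed sample keys, generated in memory (assumption: 2048-bit RSA).
ALICE_KEY   = OpenSSL::PKey::RSA.new(2048)
MALLORY_KEY = OpenSSL::PKey::RSA.new(2048)
T0 = 1_700_000_000 # constructed fixed "now" so the results are repeatable

# Single-line Base64 of the DER public key, the form returned by #password.
def public_key_string(rsa)
  [rsa.public_key.to_der].pack('m0')
end

# Same construction as login_token/encrypt: private-key RSA operation over
# "user:expiry", Base64 without line breaks. (Hypothetical helper name.)
def make_token(rsa_private, user, expire = 3600, now = Time.now.to_i)
  [rsa_private.private_encrypt("#{user}:#{now + expire.to_i}")].pack('m0')
end

# Same checks as authenticate/decrypt, returning a symbol per outcome.
# (Hypothetical helper name and return values.)
def check_token(public_key_b64, user, token, now = Time.now.to_i)
  rsa_public = OpenSSL::PKey::RSA.new(public_key_b64.unpack1('m'))
  token_user, expiry = rsa_public.public_decrypt(token.unpack1('m')).split(':')
  return :invalid_credentials unless user == token_user
  return :expired if now >= expiry.to_i
  :ok
rescue OpenSSL::PKey::PKeyError
  :error # token was not produced by the key matching the stored public key
end

if __FILE__ == $PROGRAM_NAME
  stored = public_key_string(ALICE_KEY)          # what the server keeps
  token  = make_token(ALICE_KEY, 'alice', 3600, T0)
  forged = make_token(MALLORY_KEY, 'alice', 3600, T0)
  puts check_token(stored, 'alice', token, T0)         # valid token
  puts check_token(stored, 'alice', token, T0 + 3600)  # at expiry time
  puts check_token(stored, 'bob', token, T0)           # other user name
  puts check_token(stored, 'alice', forged, T0)        # made with another key
end
```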