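// ensureSystemSSHKey makes sure a system identity (private key) file exists at
// the path reported by the agent config. If systemKeyExists reports the key is
// already present, nothing is done. Otherwise a new key pair is generated, the
// public half is registered through the key manager API, and the private half
// is written to the identity file with mode 0600.
//
// Security notes for maintainers:
//   - The public key is authorised before the private key is persisted. If the
//     final write fails, the authorised key stays registered although its
//     private half was never stored, and the next call will add another key.
//   - ioutil.WriteFile applies the 0600 mode only when it creates the file.
//     The existence check above and the write are separate steps, so the mode
//     of a file that appears in between is left as it was.
func ensureSystemSSHKey(context Context) error {
	identityFile := context.AgentConfig().SystemIdentityPath()

	// Don't generate a key unless we have to.
	keyExists, err := systemKeyExists(identityFile)
	if err != nil {
		return fmt.Errorf("failed to check system key exists: %v", err)
	}
	if keyExists {
		return nil
	}

	privateKey, publicKey, err := ssh.GenerateKey(config.JujuSystemKey)
	if err != nil {
		return fmt.Errorf("failed to create system key: %v", err)
	}

	// Write new authorised key.
	keyManager := keymanager.NewClient(context.APIState())
	errResults, err := keyManager.AddKeys(config.JujuSystemKey, publicKey)
	if err != nil {
		return fmt.Errorf("failed to update authoised keys with new system key: %v", err)
	}
	// One key was submitted, so one result is expected. Guard the index so a
	// short reply from the API becomes an error instead of a panic, and so the
	// private key is never written when the outcome of AddKeys is unknown.
	if len(errResults) == 0 {
		return fmt.Errorf("failed to update authoised keys with new system key: no result returned")
	}
	// Compare the field directly rather than through an error variable, so a
	// typed nil pointer is not mistaken for a failure.
	if errResults[0].Error != nil {
		return fmt.Errorf("failed to update authoised keys with new system key: %v", errResults[0].Error)
	}

	// Owner-only permissions: the file holds private key material.
	return ioutil.WriteFile(identityFile, []byte(privateKey), 0600)
}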
// generatePrivateKey returns the private half of a freshly generated key for
// use in tests. It temporarily sets the package-level ssh.KeyBits to 32 for
// the duration of the call and restores the previous value on return.
//
// The resulting key is far too small to offer any protection; it must only be
// used as test data. Because ssh.KeyBits is shared package state, this helper
// is not safe to run concurrently with other code that generates keys.
func generatePrivateKey(c *gc.C) string {
	savedBits := ssh.KeyBits
	ssh.KeyBits = 32
	// Put the original key size back however the function exits.
	defer func() {
		ssh.KeyBits = savedBits
	}()

	key, _, err := ssh.GenerateKey("test-client")
	c.Assert(err, gc.IsNil)
	return key
}
// GenerateSystemSSHKey generates a new key pair for the system identity,
// appends the public key to the authorized keys held in the environment
// config, stores the updated config on env, and returns the private key.
//
// The environment config is updated before the private key is handed back, so
// the caller is responsible for persisting the returned key with suitably
// restrictive permissions. If the caller drops it, the public key remains
// authorised with no stored private half. The private key is never logged
// here; callers should keep it out of logs and error messages as well.
func GenerateSystemSSHKey(env environs.Environ) (privateKey string, err error) {
	logger.Debugf("generate a system ssh key")

	// Create the key pair for the system identity.
	private, public, genErr := ssh.GenerateKey(config.JujuSystemKey)
	if genErr != nil {
		return "", fmt.Errorf("failed to create system key: %v", genErr)
	}

	// Extend the currently authorised keys with the new public key.
	updatedKeys := config.ConcatAuthKeys(env.Config().AuthorizedKeys(), public)
	attrs := map[string]interface{}{
		config.AuthKeysConfig: updatedKeys,
	}
	newConfig, applyErr := env.Config().Apply(attrs)
	if applyErr != nil {
		return "", fmt.Errorf("failed to create new config: %v", applyErr)
	}

	setErr := env.SetConfig(newConfig)
	if setErr != nil {
		return "", fmt.Errorf("failed to set new config: %v", setErr)
	}
	return private, nil
}