diff --git a/TODO b/TODO index 4990b23..9cb52ed 100644 --- a/TODO +++ b/TODO @@ -15,15 +15,6 @@ Minor bugs to fix and features to add before a 4.2 release Shouldn't give up after only one password missmatch. This is just a mater of wrapping the passwd call in a loop. -* Fix 70-install-ssh - - Currently 70-install-ssh fails to finish installing the ssh-server - because it does not have a random seed to generate the host keys. - Mounting /proc and /dev in chroot prior to calling the install - function should fix this. If ssh-server is successfully installed - in the domU, it's key fingerprint should be echo'd in a way that - can easily be grep'ed into other scripts. - * Test and support more file system types. Actually this should be pretty simple now that the parameters are diff --git a/bin/xen-create-image b/bin/xen-create-image index fab97f4..0414037 100755 --- a/bin/xen-create-image +++ b/bin/xen-create-image @@ -3933,12 +3933,22 @@ sub unMountImage sub END { - + my $host_rsa_key = ''; # # Unmount the image if it is still mounted. # if ( defined($MOUNT_POINT) ) { + # + # Before we unmount get the host's RSA key + # + my $key_path .= $MOUNT_POINT; + $key_path .= '/etc/ssh/ssh_host_rsa_key.pub'; + if ( `ssh-keygen -lf $key_path` =~ /^(\S+)\s+(\S+)/ ) { + $host_rsa_key = $2; + } else { + $host_rsa_key = "N/A"; + } unMountImage($MOUNT_POINT); } @@ -3961,6 +3971,8 @@ sub END # Did we fail? If so then we should remove the broken installation, # unless "--keep" was specified. # + # If we didn't fail, then we assume we succeeded, print a summary + # if ( ($FAIL == 1) && ( !$CONFIG{ 'keep' } ) ) { 
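Review bot: The backtick call `ssh-keygen -lf $key_path` in the first bin/xen-create-image hunk sends the mount path through a shell unquoted, so a mount point containing spaces or shell metacharacters would break or change the command. A list-form pipe open avoids the shell entirely. The call also runs when the guest has no `ssh_host_rsa_key.pub`, which looks possible after a failed install or with a distribution whose hook does not create the key, so a `-e` test first keeps ssh-keygen's error out of the output and leaves the fingerprint at "N/A". `my $key_path .= $MOUNT_POINT;` works but reads like a typo for `=`. sub END starts before this hunk and continues after it.

```perl
# … unchanged: my $host_rsa_key = ''; and the defined($MOUNT_POINT) test …
        my $key_path = $MOUNT_POINT . '/etc/ssh/ssh_host_rsa_key.pub';
        $host_rsa_key = "N/A";
        if ( -e $key_path
            && open( my $keygen, '-|', 'ssh-keygen', '-lf', $key_path ) )
        {
            my $line = <$keygen>;
            close($keygen);
            if ( defined($line) && $line =~ /^(\S+)\s+(\S+)/ ) {
                $host_rsa_key = $2;
            }
        }
        unMountImage($MOUNT_POINT);
```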
@@ -3971,5 +3983,22 @@ sub END logprint("Removing failed install: $CONFIG{'hostname'}\n"); system("xen-delete-image --hostname=$CONFIG{'hostname'}"); + } else { + # + # Assume success + # + logprint("\nInstallation Summary\n"); + logprint("---------------------\n"); + logprint("Hostname : $CONFIG{'hostname'}\n"); + logprint("Distribution : $CONFIG{'dist'}\n"); + logprint("IP-Address : "); + if ( $CONFIG{ 'dhcp' } ) { + logprint("dynamic"); + } elsif( $CONFIG{ 'ip' } ) { + logprint( $CONFIG{ 'ip' } ); + } + logprint("\n"); + logprint("RSA Fingerprint : $host_rsa_key"); + logprint("\n\n"); } } diff --git a/hooks/debian/70-install-ssh b/hooks/debian/70-install-ssh index c192e20..a5f311e 100755 --- a/hooks/debian/70-install-ssh +++ b/hooks/debian/70-install-ssh @@ -1,18 +1,17 @@ #!/bin/sh # -# This script installs OpenSSH upon the new system. +# This script installs OpenSSH Server on the newly created guest. +# +# It does this by generating the keys within the host, since guests +# do not have the necessary /dev/random and /dev/urandom to generate +# their own keys before boot. # -# It must make sure that the server is not running before it exits -# otherwise the temporary mounted directory will not be unmountable. -# -# Steve +# Dmitry Nedospasov # -- -# http://www.steve.org.uk/ - +# http://nedos.net/ prefix=$1 - # # Source our common functions # 
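Review bot: The new `else` branch in the `@@ -3971,5 +3983,22 @@` hunk is commented "Assume success", but it also runs when `$FAIL == 1` and `--keep` was given, because the condition it hangs off is `($FAIL == 1) && ( !$CONFIG{ 'keep' } )`. A kept but broken install would then be reported with an Installation Summary and a host-key fingerprint that an operator may trust on first connection. Making the branch `} elsif ( !$FAIL ) {` limits the summary to the success path. The "IP-Address" line prints nothing when neither `dhcp` nor `ip` is set, so a final `else { logprint("unknown"); }` would make that case explicit. sub END begins outside this hunk, and if it also runs on early exits (not visible here), `$CONFIG{'hostname'}` and `$CONFIG{'dist'}` may be undefined when the summary is printed.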
@@ -22,20 +21,40 @@ else . ./hooks/common.sh fi - # # Log our start # logMessage Script $0 starting +# +# Since our guests doesn't have an RNG, generate the keys from the host +# +# First, create an ssh directory +# +mkdir -p ${prefix}/etc/ssh + +# +# Second, Generate the Host RSA Key +# +if ssh-keygen -t rsa -N '' -f ${prefix}/etc/ssh/ssh_host_rsa_key -C "root@${hostname}"; then + logMessage "successfully generetaged Host RSA" +else + logMessage "failed to generate Host RSA Key" +fi + +# +# Third, Generate the Host DSA Key +# +if ssh-keygen -t dsa -N '' -f ${prefix}/etc/ssh/ssh_host_dsa_key -C "root@${hostname}"; then + logMessage "successfully generetaged Host DSA" +else + logMessage "failed to generate Host DSA Key" +fi # # Install ssh # installDebianPackage ${prefix} openssh-server - -# -# Log our finish -# logMessage Script $0 finished +
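Review bot: The `mkdir` and both `ssh-keygen` calls use `${prefix}` unquoted, and a key-generation failure is only logged before openssh-server is installed anyway. Quoting the paths (`mkdir -p "${prefix}/etc/ssh"`, `-f "${prefix}/etc/ssh/ssh_host_rsa_key"`) and exiting non-zero on failure would make the hook fail visibly instead of producing a guest without the expected host key. If a key file already exists under the prefix, ssh-keygen asks whether to overwrite it and waits on stdin, so each call should be guarded with `[ -f "${prefix}/etc/ssh/ssh_host_rsa_key" ] ||` (and the DSA equivalent). DSA is a legacy host-key type that current OpenSSH releases no longer accept by default, so consider dropping it or generating it only for older guests. `${hostname}` is not set in the visible lines and presumably comes from the environment, and both success messages misspell "generated" as "generetaged".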