From 03cc487fe6e39e6453d3daeb71f99305c92339af Mon Sep 17 00:00:00 2001 From: Eric Date: Thu, 2 Mar 2023 18:50:09 +0800 Subject: [PATCH 1/3] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=20ed25519=20?= =?UTF-8?q?=E7=A7=81=E9=92=A5=E6=B5=8B=E8=AF=95=E5=8F=AF=E8=BF=9E=E6=8E=A5?= =?UTF-8?q?=E6=80=A7=E5=A4=B1=E8=B4=A5=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/assets/automations/base/manager.py | 10 ++++++++-- apps/common/utils/encode.py | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/apps/assets/automations/base/manager.py b/apps/assets/automations/base/manager.py index 084ac0c82..e9cfb84e3 100644 --- a/apps/assets/automations/base/manager.py +++ b/apps/assets/automations/base/manager.py @@ -13,7 +13,7 @@ from sshtunnel import SSHTunnelForwarder, BaseSSHTunnelForwarderError from assets.automations.methods import platform_automation_methods from common.utils import get_logger, lazyproperty -from common.utils import ssh_pubkey_gen, ssh_key_string_to_obj +from common.utils import ssh_pubkey_gen, is_openssh_format_key from ops.ansible import JMSInventory, PlaybookRunner, DefaultCallback logger = get_logger(__name__) @@ -127,7 +127,13 @@ class BasePlaybookManager: key_path = os.path.join(path_dir, key_name) if not os.path.exists(key_path): - ssh_key_string_to_obj(secret, password=None).write_private_key_file(key_path) + # https://github.com/ansible/ansible-runner/issues/544 + # ssh requires OpenSSH format keys to have a full ending newline. + # It does not require this for old-style PEM keys. + with open(key_path, 'w') as f: + f.write(secret) + if is_openssh_format_key(secret): + f.write("\n") os.chmod(key_path, 0o400) return key_path diff --git a/apps/common/utils/encode.py b/apps/common/utils/encode.py index 36cd4f224..5a48261da 100644 --- a/apps/common/utils/encode.py +++ b/apps/common/utils/encode.py 
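Review bot: In the `@@ -127,7 +127,13 @@` hunk the private key is created with `open(key_path, 'w')`, so the file takes the process umask's default mode (commonly 0644) and can be read by other local users until `os.chmod(key_path, 0o400)` runs after the write. Create it with a restrictive mode from the start, e.g. `fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` followed by `with os.fdopen(fd, 'w') as f:`, and keep the chmod to 0o400 afterwards. `O_EXCL` also closes the gap between the `os.path.exists` check and the open, though a concurrent writer would then raise `FileExistsError`, which needs handling. The same pattern is added in the `@@ -118,7 +118,13 @@` hunk of apps/accounts/models/base.py in patch 2/3. The enclosing method starts outside this hunk, so how `path_dir` is created and protected is not visible here.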
@@ -98,7 +98,7 @@ def ssh_private_key_gen(private_key, password=None): def ssh_pubkey_gen(private_key=None, username='jumpserver', hostname='localhost', password=None): private_key = ssh_private_key_gen(private_key, password=password) - if not isinstance(private_key, (paramiko.RSAKey, paramiko.DSSKey)): + if not isinstance(private_key, _supported_paramiko_ssh_key_types): raise IOError('Invalid private key') public_key = "%(key_type)s %(key_content)s %(username)s@%(hostname)s" % { From b951ed9206010f6273f86a85a968ca70282daaed Mon Sep 17 00:00:00 2001 From: Eric Date: Thu, 2 Mar 2023 18:57:49 +0800 Subject: [PATCH 2/3] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=20account=20?= =?UTF-8?q?=E7=A7=81=E9=92=A5=E6=96=87=E4=BB=B6=E7=94=9F=E6=88=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/accounts/models/base.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/apps/accounts/models/base.py b/apps/accounts/models/base.py index 7233a12a2..26ebcd89a 100644 --- a/apps/accounts/models/base.py +++ b/apps/accounts/models/base.py @@ -12,7 +12,7 @@ from accounts.const import SecretType from common.db import fields from common.utils import ( ssh_key_string_to_obj, ssh_key_gen, get_logger, - random_string, lazyproperty, parse_ssh_public_key_str + random_string, lazyproperty, parse_ssh_public_key_str, is_openssh_format_key ) from orgs.mixins.models import JMSOrgBaseModel, OrgManager 
@@ -118,7 +118,13 @@ class BaseAccount(JMSOrgBaseModel): key_name = '.' + md5(self.private_key.encode('utf-8')).hexdigest() key_path = os.path.join(tmp_dir, key_name) if not os.path.exists(key_path): - self.private_key_obj.write_private_key_file(key_path) + # https://github.com/ansible/ansible-runner/issues/544 + # ssh requires OpenSSH format keys to have a full ending newline. + # It does not require this for old-style PEM keys. + with open(key_path, 'w') as f: + f.write(self.secret) + if is_openssh_format_key(self.secret): + f.write("\n") os.chmod(key_path, 0o400) return key_path From eedc1ae8b50258444e052a1efccd5924bdc248e7 Mon Sep 17 00:00:00 2001 From: Eric Date: Thu, 2 Mar 2023 19:05:27 +0800 Subject: [PATCH 3/3] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E7=B1=BB=E5=9E=8B?= =?UTF-8?q?=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/accounts/models/base.py | 2 +- apps/assets/automations/base/manager.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/accounts/models/base.py b/apps/accounts/models/base.py index 26ebcd89a..e4bd780ac 100644 --- a/apps/accounts/models/base.py +++ b/apps/accounts/models/base.py @@ -123,7 +123,7 @@ class BaseAccount(JMSOrgBaseModel): # It does not require this for old-style PEM keys. with open(key_path, 'w') as f: f.write(self.secret) - if is_openssh_format_key(self.secret): + if is_openssh_format_key(self.secret.encode('utf-8')): f.write("\n") os.chmod(key_path, 0o400) return key_path diff --git a/apps/assets/automations/base/manager.py b/apps/assets/automations/base/manager.py index e9cfb84e3..6660d6e84 100644 --- a/apps/assets/automations/base/manager.py +++ b/apps/assets/automations/base/manager.py 
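Review bot: In the `@@ -118,7 +118,13 @@` hunk the file name is derived from `self.private_key` (`md5(self.private_key.encode('utf-8'))`) but the content written is `self.secret`, so name and body can diverge if those two attributes ever differ, and the `os.path.exists` short-circuit would then keep reusing a mismatched key file. Writing the value that was hashed, `f.write(self.private_key)`, keeps the two tied together; the same substitution would apply to the `is_openssh_format_key(...)` argument that patch 3/3 touches. The removed line went through `self.private_key_obj`, so the key was parsed before being written, whereas the secret is now written verbatim; a short comment stating where the key is validated would help the next reader. The method begins outside the hunk, so whether `private_key` simply returns `secret` for SSH-key accounts is an assumption to confirm.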
@@ -132,7 +132,7 @@ class BasePlaybookManager: # It does not require this for old-style PEM keys. with open(key_path, 'w') as f: f.write(secret) - if is_openssh_format_key(secret): + if is_openssh_format_key(secret.encode('utf-8')): f.write("\n") os.chmod(key_path, 0o400) return key_path