Hacker-Software
/
proxmox-cluster-network-changer
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fixed ssh keys finding

This commit is contained in:
duffyduck 2026-03-04 23:06:57 +01:00
parent 955fad399e
commit 899265faca
1 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
migrator.py
View File

@ -203,18 +203,34 @@ class Migrator:
print(f" [{node.name}] WARNUNG Key-Kopie: rc={rc} {err}") print(f" [{node.name}] WARNUNG Key-Kopie: rc={rc} {err}")
# Step 2: Ensure sshd checks ~/.ssh/authorized_keys # Step 2: Ensure sshd checks ~/.ssh/authorized_keys
# Proxmox sshd_config may only list /etc/pve/priv/authorized_keys # Proxmox sshd_config may only list /etc/pve/priv/authorized_keys,
# or use AuthorizedKeysCommand pointing to /etc/pve/priv/.
# We need to ensure .ssh/authorized_keys is checked as fallback.
sshd_cmd = ( sshd_cmd = (
"cp /etc/ssh/sshd_config /etc/ssh/sshd_config.pre_migration && " "cp /etc/ssh/sshd_config /etc/ssh/sshd_config.pre_migration && "
"NEED_RELOAD=0 && "
# Handle AuthorizedKeysFile
"if grep -q '^AuthorizedKeysFile' /etc/ssh/sshd_config; then " "if grep -q '^AuthorizedKeysFile' /etc/ssh/sshd_config; then "
" if grep '^AuthorizedKeysFile' /etc/ssh/sshd_config | grep -q '.ssh/authorized_keys'; then " " if ! grep '^AuthorizedKeysFile' /etc/ssh/sshd_config | grep -q '.ssh/authorized_keys'; then "
" echo sshd_already_ok; "
" else "
" sed -i '/^AuthorizedKeysFile/s|$| .ssh/authorized_keys|' /etc/ssh/sshd_config && " " sed -i '/^AuthorizedKeysFile/s|$| .ssh/authorized_keys|' /etc/ssh/sshd_config && "
" systemctl reload sshd && " " NEED_RELOAD=1; "
" echo sshd_modified; "
" fi; " " fi; "
"else " "else "
# No AuthorizedKeysFile line = uses default (.ssh/authorized_keys), which is fine.
# But if AuthorizedKeysCommand is active, it might override. Add explicit line.
" if grep -q '^AuthorizedKeysCommand ' /etc/ssh/sshd_config; then "
" echo 'AuthorizedKeysFile .ssh/authorized_keys' >> /etc/ssh/sshd_config && "
" NEED_RELOAD=1; "
" fi; "
"fi && "
# Temporarily disable AuthorizedKeysCommand if it points to /etc/pve
"if grep '^AuthorizedKeysCommand ' /etc/ssh/sshd_config | grep -q '/etc/pve'; then "
" sed -i 's|^AuthorizedKeysCommand |#AuthorizedKeysCommand_DISABLED |' /etc/ssh/sshd_config && "
" NEED_RELOAD=1; "
"fi && "
"if [ $NEED_RELOAD -eq 1 ]; then "
" systemctl reload sshd && echo sshd_modified; "
"else "
" echo sshd_already_ok; " " echo sshd_already_ok; "
"fi" "fi"
) )