commit 409cb5591a6819d01cf5f126d2e1a3c8a952f20f
author June Tate-Gans <jtgans@google.com> Thu Mar 07 14:11:42 2019 -0800
committer June Tate-Gans <jtgans@google.com> Thu Mar 07 14:11:42 2019 -0800
tree e309a8d95692b1fbbc3a01eb659999525d946334
parent 1a7df53c8f53f8705d460d778375eb657542393f

sshclient: Add default login keypushing as a fallback

This allows older installs of Mendel that don't run mdt-keymaster the ability to
still receive keys using a default username/password combo.

Change-Id: I066ff4f8ee116a9249e5fcc10607dfff819b095c

mdt/sshclient.py

diff --git a/mdt/sshclient.py b/mdt/sshclient.py
index 9d72d17..90c516b 100644
--- a/mdt/sshclient.py
+++ b/mdt/sshclient.py
@@ -15,8 +15,10 @@
 '''
 
 
-import os
 import http.client
+import os
+import socket
+import time
 
 import paramiko
 from paramiko.ssh_exception import AuthenticationException, SSHException
@@ -76,18 +78,52 @@
         finally:
             self.client.close()
 
-    def _pushKey(self):
+    def _generateAuthorizedKeysLine(self):
+        public_key = self.keystore.key().get_base64()
+        authorized_keys_line = 'ssh-rsa {0} mdt'.format(public_key)
+        return authorized_keys_line
+
+    def _pushKeyViaKeymaster(self):
         connection = http.client.HTTPConnection(self.address, KEYMASTER_PORT)
         try:
-            public_key = self.keystore.key().get_base64()
-            authorized_keys_line = 'ssh-rsa {0} mdt\n'.format(public_key)
-            connection.request('PUT', '/', authorized_keys_line)
+            key_line = self._generateAuthorizedKeysLine()
+            connection.request('PUT', '/', key_line + '\n')
             response = connection.getresponse()
         except ConnectionError as e:
             raise KeyPushError(e)
         finally:
             connection.close()
 
+    def _pushKeyViaDefaultLogin(self):
+        try:
+            self.client.connect(
+                    self.address,
+                    username=self.username,
+                    password=self.password,
+                    allow_agent=False,
+                    look_for_keys=False,
+                    compress=True)
+        except AuthenticationException as e:
+            raise DefaultLoginError(e)
+        except (SSHException, socket.error) as e:
+            raise KeyPushError(e)
+        else:
+            key_line = self._generateAuthorizedKeysLine()
+            self.client.exec_command('mkdir -p $HOME/.ssh')
+            self.client.exec_command(
+                'echo {0} >>$HOME/.ssh/authorized_keys'.format(key_line))
+        finally:
+            self.client.close()
+
+    def _pushKey(self):
+        try:
+            self._pushKeyViaKeymaster()
+        except KeyPushError as e:
+            print('Failed to push via keymaster -- attempting password login')
+            self._pushKeyViaDefaultLogin()
+
+        time.sleep(1)
+
         # Ensure the key we just pushed allows us to login
         try:
             self.client.connect(