sshclient: Push keys via the mdt-keymaster instead of ssh
This updates the push method to use mdt-keymaster rather than using the default
logins for ssh. This is predicated on the fact that mdt-keymaster only binds to
the usb0 interface, thus creating a secure point-to-point communications channel
which we can use for initial control of the board.
Change-Id: I32cb0cf7c5cb2efd2d7de460d6a18b01ec556926
diff --git a/mdt/sshclient.py b/mdt/sshclient.py
index e018559..9d72d17 100644
--- a/mdt/sshclient.py
+++ b/mdt/sshclient.py
@@ -16,6 +16,7 @@
import os
+import http.client
import paramiko
from paramiko.ssh_exception import AuthenticationException, SSHException
@@ -27,6 +28,9 @@
from mdt import sshclient
+KEYMASTER_PORT = 41337
+
+
class KeyPushError(Exception):
pass
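Review bot: `KEYMASTER_PORT` is added without a comment recording the trust assumption that makes an unauthenticated, plaintext HTTP request acceptable here. The commit message says this relies on mdt-keymaster binding only to usb0, but nothing visible in this diff ties `self.address` to that link. The assumption is worth stating next to the constant, e.g. `# mdt-keymaster listens on usb0 only; the key push is plain, unauthenticated HTTP and must only be sent over that link.` If `self.address` can also be a network-discovered address (not visible here), checking that it is the USB peer before `_pushKey` runs would be the stronger fix.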
@@ -73,26 +77,16 @@
self.client.close()
def _pushKey(self):
+ connection = http.client.HTTPConnection(self.address, KEYMASTER_PORT)
try:
- self.client.connect(
- self.address,
- username=self.username,
- password=self.password,
- allow_agent=False,
- look_for_keys=False,
- compress=True)
- except AuthenticationException as e:
- raise DefaultLoginError(e)
- except (SSHException, socket.error) as e:
- raise KeyPushError(e)
- else:
public_key = self.keystore.key().get_base64()
- self.client.exec_command('mkdir -p $HOME/.ssh')
- self.client.exec_command(
- 'echo ssh-rsa {0} mdt@localhost '
- '>>$HOME/.ssh/authorized_keys'.format(public_key))
+ authorized_keys_line = 'ssh-rsa {0} mdt\n'.format(public_key)
+ connection.request('PUT', '/', authorized_keys_line)
+ response = connection.getresponse()
+ except ConnectionError as e:
+ raise KeyPushError(e)
finally:
- self.client.close()
+ connection.close()
# Ensure the key we just pushed allows us to login
try:
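Review bot: The `response` returned by `connection.getresponse()` is never inspected, so a rejected or failed PUT falls through to the login check below and surfaces there as an unrelated login failure. Checking inside the `try`, e.g. `if not 200 <= response.status < 300: raise KeyPushError(response.reason)`, would report it at the right place; the exact success code mdt-keymaster returns is not visible here. The handler also narrows from the old `socket.error` to `ConnectionError`, which misses timeouts, name-resolution and unreachable-host `OSError`s, and most `http.client.HTTPException`s; `except (OSError, http.client.HTTPException) as e:` keeps them mapped to `KeyPushError`. The `HTTPConnection` is created without a `timeout`, so unless a global socket default is set, a peer that accepts but never answers can block `_pushKey` indefinitely. `_pushKey` continues past the end of this hunk.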