Timestamp:
11/11/07 17:05:10 (5 years ago)
Author:
Ted Faber <faber@…>
Children:
906c76398e933601fe2e59e503084b2b645df5db
Parents:
e5fee75fd84b388603a8daf58ffd7eff8539c7aa
git-committer:
Ted Faber <faber@isi.edu> / 2007-11-12T01:05:10Z+0000
Message:

Auto generate the ssh keys used to coordinate gateways.

Location:
fedkit
Files:
2 modified

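--- a/fedkit/splitter.conf.example
+++ b/fedkit/splitter.conf.example
@@ -7,8 +7,15 @@
 ScriptDir: /users/faber/testbed/federation
 
-# These will go away, but for now should be password-free ssh keys.  Format is
-# unimportant (dsa vs. rsa)
-GatewayPubkey: /users/faber/fed_dsa.pub
-GatewaySecretKey: /users/faber/fed_dsa
+# These will be honored if used, but automatically generating the keys by
+# leaving these commented is probably better, but for now should be
+# password-free ssh keys.  Format is unimportant (dsa vs. rsa)
+# GatewayPubkey: /users/faber/fed_dsa.pub
+# GatewaySecretKey: /users/faber/fed_dsa
+
+# Type of key to auto generate.  RSA and DSA are valid choices, leaving it
+# unspecified gives you RSA keys (as long as GatewayPubKey and GatewaySecretKey
+# are not specified.
+
+GatewayKeyType: rsa
 
 # These are the SMB share to export and the user to export them as.  They
@@ -18,2 +25,9 @@
 SMBShare: USERS
 SMBUser: jhickey
+
+
+# The number of experiment links or lans that can be multiplexed over one
+# gateway pair.
+MuxLimit: 2
+
+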
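Review bot: The new comment above `GatewayKeyType` presents DSA and RSA as equivalent choices, but ssh-keygen only produces 1024-bit DSA keys and later OpenSSH releases disable DSA (ssh-dss) keys by default, so gateways configured with `dsa` may fail to authenticate. I would reword it to `# Type of key to auto generate: rsa (default, recommended) or dsa (legacy).` and state plainly that the setting is ignored when both GatewayPubkey and GatewaySecretKey are set. The existing comment also leaves its parenthesis unclosed.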
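--- a/fedkit/splitter.pl
+++ b/fedkit/splitter.pl
@@ -26,4 +26,5 @@
 my($gw_secretkey, $gw_secretkey_base);# Connector secret key (full path &
                                 # basename)
+my($keytype);                   # Type (DSA or RSA) of generated gateway keys
 my $tcl_splitter;               # tcl program to split experiments
                                 # (changed during devel)
@@ -139,4 +140,17 @@
 }
 
+# Generate SSH keys for use by the gateways.  The parameters are the type and
+# the filename for the private key.  The pubkey will be stored in a filename
+# with the same name as the private key but with .pub appended.  Type can be
+# dsa or rsa.
+
+sub generate_ssh_keys {
+    my($type, $dest) = @_;
+
+    $type =~ tr/A-Z/a-z/;
+    return 0 if $type !~ /(rsa|dsa)/;
+    system("/usr/bin/ssh-keygen -t $type -N \"\" -f $dest");
+    return $@ ? 0 : 1;
+}
 
 # use scp to transfer a file, reporting true if successful and false otherwise.
@@ -453,10 +467,4 @@
     die "Must give an SMB user\n";
 
-# For now specify these.  We may want to generate them later.
-$gw_pubkey = $opts{'gatewaypubkey'};
-($gw_pubkey_base = $gw_pubkey) =~ s#.*/##;
-$gw_secretkey = $opts{'gatewaysecretkey'};
-($gw_secretkey_base = $gw_secretkey) =~ s#.*/##;
-
 # tcl program to split experiments (changed during devel)
 $tcl_splitter = $opts{'tclparse'} || "/usr/testbed/lib/ns2ir/parse.tcl";
@@ -472,4 +480,25 @@
     mkdir("$tmpdir") || die "Can't create $tmpdir: $!";
 }
+
+# If the keys are given, use them.  Otherwise create a set under $tmpdir
+
+if ( $opts{'gatewatpubkey'} && $opts{'gatewaysecretkey'}) {
+    $gw_pubkey = $opts{'gatewaypubkey'};
+    $gw_secretkey = $opts{'gatewaysecretkey'};
+}
+else {
+    $keytype = $opts{'gatewaykeytype'} || "rsa";
+    mkdir("$tmpdir/keys") || die "Can't create temoprary key dir: $!\n";
+    $gw_pubkey = "$tmpdir/keys/fed.$keytype.pub";
+    $gw_secretkey = "$tmpdir/keys/fed.$keytype";
+    print "Generating $keytype keys\n" if $verbose;
+    generate_ssh_keys($keytype, $gw_secretkey) ||
+        die "Cannot generate kets:$@\n";
+}
+# Generate the basenames
+($gw_pubkey_base = $gw_pubkey) =~ s#.*/##;
+($gw_secretkey_base = $gw_secretkey) =~ s#.*/##;
+
+
 
 # Validate scripts directory
@@ -916,5 +945,11 @@
 
 The names of the files containing secret and public keys to use in setting up
-tunnels between testbeds.  These will eventually be automatically generated.
+tunnels between testbeds.  If given they are used, otherwise keys are generated.
+
+=item GatewayKeyType
+
+This controls the kind of SSH keys generated to configure the geatways.  If
+given this must be B<dsa> or B<rsa>, and it defaults to B<rsa>.  The parameter
+is csase insensitive.
 
 =item TmpDir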
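Review bot: In `generate_ssh_keys` (new lines 147–154) failure is tested with `$@`, which `system()` never sets, so the sub reports success even when ssh-keygen fails or is missing, and the caller's `die` cannot fire. The command is also built as one shell string from `$type` and `$dest`, while the check `/(rsa|dsa)/` is unanchored and accepts any value that merely contains one of those words; `$type` comes from the GatewayKeyType setting and `$dest` from `$tmpdir`, whose origin is not visible in this diff. I would anchor the check and use the list form with the exit status: `return 0 if $type !~ /\A(?:rsa|dsa)\z/;`, `my $rc = system("/usr/bin/ssh-keygen", "-t", $type, "-N", "", "-f", $dest);`, `return $rc == 0 ? 1 : 0;`. Separately, the new test on `$opts{'gatewatpubkey'}` (new line 485) misspells the option name, so keys supplied in the configuration appear never to be used and a fresh pair is always generated.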