fY UdZddlZddlZddlmZddlmZmZddlm Z ddl m Z ddl m Z mZddlmZd Zd gZd d d deedededgegdZe ed<eeZej*eZdZdede de deddf dZy)zFKeys to Console: Control which SSH host keys may be written to consoleN)dedent)subputil)Cloud)Config) MetaSchema get_meta_doc) PER_INSTANCEz(%s/cloud-init/write-ssh-key-fingerprintsallcc_keys_to_consolezKeys to Consolez5Control which SSH host keys may be written to consoleapFor security reasons it may be desirable not to write SSH host keys and their fingerprints to the console. To avoid either being written to the console the ``emit_keys_to_console`` config key under the main ``ssh`` config key can be used. To avoid the fingerprint of types of SSH host keys being written to console the ``ssh_fp_console_blacklist`` config key can be used. By default, all types of keys will have their fingerprints written to console. To avoid host keys of a key type being written to console the``ssh_key_console_blacklist`` config key can be used. By default all supported host keys are written to console.z # Do not print any SSH keys to system console ssh: emit_keys_to_console: false zu # Do not print certain ssh key types to console ssh_key_console_blacklist: [rsa] z # Do not print specific ssh key fingerprints to console ssh_fp_console_blacklist: - E25451E0221B5773DEBFF178ECDACB160995AA89 - FE76292D55E8B28EE6DB2B34B2D8A784F8C0AAB0 )idnametitle descriptiondistrosexamples frequencyactivate_by_schema_keysmetac` |j}t|zS#t$r d}Yt|zSwxYw)Nz/usr/lib) usr_lib_execAttributeErrorHELPER_TOOL_TPL)distrobase_libs E/usr/lib/python3/dist-packages/cloudinit/config/cc_keys_to_console.py_get_helper_tool_pathrJs@&& X %%  X %%s  --rcfgcloudargsreturnctj|jdijddrtj d|yt |j }tjj|stjd||ytj|dg}tj|dg} |dj|dj|g}tj|\}} tjd |jzd d y#t $rtjd wxYw) Nsshemit_keys_to_consoleTz;Skipping module named %s, logging of SSH host keys disabledz9Unable to activate module %s, helper tool not found at %sssh_fp_console_blacklistssh_key_console_blacklist,z%s F)stderrconsolez*Writing keys to the system console failed!)ris_falsegetLOGdebugrrospathexistswarningget_cfg_option_listjoinr multi_logstrip Exception) rrrr helper_path fp_blacklist key_blacklistcmdstdout_stderrs rhandler=Rs }}SWWUB'++,BDIJ I4  ' 5K 77>>+ & G   ++ 'L,, ("MCHH\2CHH]4KL IIcN v0M  @A s A$D-- E )__doc__loggingr.textwrapr cloudinitrrcloudinit.cloudrcloudinit.configrcloudinit.config.schemarr cloudinit.settingsr rrr__annotations__ getLogger__name__r,rstrlistr=rrMsM  !#<+= '   D ;       .!S*j*V t g!&6%trL