From fc7c0aea0ad4f07b9ab1fff25ae0332ed55560ca Mon Sep 17 00:00:00 2001
From: Nicolas Wavrant <nicolas.wavrant@nexedi.com>
Date: Wed, 24 Aug 2016 13:54:52 +0200
Subject: [PATCH] pbs/sshkeys_authority: adds support for openssh, and support
 port in known_hosts file

---
 slapos/recipe/pbs.py               |  3 ++-
 slapos/recipe/sshkeys_authority.py | 18 ++++++++++++++----
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/slapos/recipe/pbs.py b/slapos/recipe/pbs.py
index a9782279f..4fe255260 100644
--- a/slapos/recipe/pbs.py
+++ b/slapos/recipe/pbs.py
@@ -249,7 +249,8 @@ class Recipe(GenericSlapRecipe, Notify, Callback):
     # Create known_hosts file by default.
     # In some case, we don't want to create it (case where we share IP mong partitions)
     if not self.isTrueValue(self.options.get('ignore-known-hosts-file')):
-      known_hosts_file[parsed_url.hostname] = entry['server-key']
+      known_hostname = "[%s]:%s" % (parsed_url.hostname, parsed_url.port)
+      known_hosts_file[known_hostname] = entry['server-key'].strip()
 
     notifier_wrapper_path = os.path.join(self.options['wrappers-directory'], slave_id)
     rdiff_wrapper_path = notifier_wrapper_path + '_raw'
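Review bot: `parsed_url.port` is `None` when the URL carries no explicit port, so the new line 21 then writes a `[host]:None` entry that ssh will never look up, and for the default port OpenSSH looks for a bare `host` entry rather than `[host]:22`; the previous bare-hostname form covered that case. Keeping the old form when no non-default port is present avoids both problems: `port = parsed_url.port` / `known_hostname = parsed_url.hostname if port in (None, 22) else "[%s]:%s" % (parsed_url.hostname, port)`. Whether the configured URLs always carry an explicit port is not visible from the hunk. The enclosing method starts outside the hunk.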
diff --git a/slapos/recipe/sshkeys_authority.py b/slapos/recipe/sshkeys_authority.py
index 22725e214..80bd3fadc 100644
--- a/slapos/recipe/sshkeys_authority.py
+++ b/slapos/recipe/sshkeys_authority.py
@@ -33,18 +33,24 @@ import re
 from slapos.recipe.librecipe import GenericBaseRecipe
 from slapos.recipe.librecipe.inotify import subfiles
 
-# This authority only works with dropbear sshkey generator
+# This authority only works with dropbear or openssh sshkey generators
 def sshkeys_authority(args):
   requests_directory = args['requests']
   keygen_binary = args['sshkeygen']
 
+  if 'openssh' in keygen_binary:
+    authority_type = 'openssh'
+  else:
+    # Keep dropbear for compatibility
+    authority_type = 'dropbear'
+
   for request_filename in subfiles(requests_directory):
 
     with open(request_filename) as request_file:
       request = json.load(request_file)
 
     key_type = request.get('type', 'rsa')
-    size = str(request.get('size', 2048))
+    size = str(request.get('size', 4096))
     try:
       private_key = request['private_key']
       public_key = request['public_key']
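Review bot: The `'openssh' in keygen_binary` test on line 40 is a substring match over the whole binary path, so any directory component containing "openssh" classifies a dropbear keygen as openssh and the later `-b`/`-N` invocation fails in `check_call`; matching on `os.path.basename(keygen_binary)` is less fragile, and if the path-based detection is deliberate it deserves a comment such as `# Detected from the path: the openssh ssh-keygen is expected to live under a path containing 'openssh'`. The default size change from 2048 to 4096 on line 53 also applies to every existing request that omits `size`, including dropbear ones, which the commit message does not mention; if that is intended it is worth stating. The body of sshkeys_authority continues past the hunk.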
@@ -54,8 +60,12 @@ def sshkeys_authority(args):
     if not os.path.exists(private_key):
       if os.path.exists(public_key):
         os.unlink(public_key)
-      keygen_cmd = [keygen_binary, '-t', key_type, '-f', private_key,
-                    '-s', size]
+      if authority_type == 'openssh':
+        keygen_cmd = [keygen_binary, '-N', "", '-C', "", '-t', key_type,
+                      '-f', private_key, '-b', size]
+      else:
+        keygen_cmd = [keygen_binary, '-t', key_type, '-f', private_key,
+                      '-s', size]
       # If the keygeneration return an non-zero status, it means there's a
       # big problem. Let's exit in this case
       subprocess.check_call(keygen_cmd, env=os.environ.copy())
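Review bot: In the openssh branch (lines 63–65) `ssh-keygen -f private_key` also writes `private_key + '.pub'` as a side effect, whereas the dropbear command does not create a public key file; unless `public_key` is always that `.pub` path, the unlink on line 60 is followed by a stray `.pub` file and the code after the hunk that handles `public_key` would see different state depending on the tool — worth confirming against the rest of the function, which continues outside the hunk. Style-wise the two branches repeat `keygen_binary, '-t', key_type, '-f', private_key`; building that prefix once and appending `['-N', '', '-C', '', '-b', size]` or `['-s', size]` would make the per-tool difference explicit.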
-- 
2.30.9