golden hour
/opt/saltstack/salt/lib/python3.10/site-packages/salt/modules
⬆️ Go Up
Upload
File/Folder
Size
Actions
__init__.py
35 B
Del
OK
__pycache__
-
Del
OK
acme.py
12.74 KB
Del
OK
aix_group.py
4.12 KB
Del
OK
aix_shadow.py
1.93 KB
Del
OK
aixpkg.py
24.15 KB
Del
OK
aliases.py
5.07 KB
Del
OK
alternatives.py
5.71 KB
Del
OK
ansiblegate.py
19.51 KB
Del
OK
apache.py
12.47 KB
Del
OK
apcups.py
2.15 KB
Del
OK
apf.py
3.09 KB
Del
OK
apkpkg.py
16 KB
Del
OK
aptly.py
15.28 KB
Del
OK
aptpkg.py
116.64 KB
Del
OK
archive.py
48.63 KB
Del
OK
arista_pyeapi.py
22.06 KB
Del
OK
artifactory.py
24.78 KB
Del
OK
at.py
10.72 KB
Del
OK
at_solaris.py
8.51 KB
Del
OK
augeas_cfg.py
13.93 KB
Del
OK
aws_sqs.py
6.55 KB
Del
OK
azurearm_compute.py
20.8 KB
Del
OK
azurearm_dns.py
15.8 KB
Del
OK
azurearm_network.py
82.99 KB
Del
OK
azurearm_resource.py
35.75 KB
Del
OK
bamboohr.py
7.36 KB
Del
OK
baredoc.py
11.13 KB
Del
OK
bcache.py
28.97 KB
Del
OK
beacons.py
27.82 KB
Del
OK
bigip.py
69.11 KB
Del
OK
bluez_bluetooth.py
6.76 KB
Del
OK
boto3_elasticache.py
37.34 KB
Del
OK
boto3_elasticsearch.py
53.17 KB
Del
OK
boto3_route53.py
39.82 KB
Del
OK
boto3_sns.py
12.93 KB
Del
OK
boto_apigateway.py
61.86 KB
Del
OK
boto_asg.py
35.69 KB
Del
OK
boto_cfn.py
7.95 KB
Del
OK
boto_cloudfront.py
12.75 KB
Del
OK
boto_cloudtrail.py
14.45 KB
Del
OK
boto_cloudwatch.py
10.99 KB
Del
OK
boto_cloudwatch_event.py
9.48 KB
Del
OK
boto_cognitoidentity.py
14.63 KB
Del
OK
boto_datapipeline.py
6.94 KB
Del
OK
boto_dynamodb.py
14.98 KB
Del
OK
boto_ec2.py
79.27 KB
Del
OK
boto_efs.py
14.05 KB
Del
OK
boto_elasticache.py
23.69 KB
Del
OK
boto_elasticsearch_domain.py
15.85 KB
Del
OK
boto_elb.py
35.53 KB
Del
OK
boto_elbv2.py
10.78 KB
Del
OK
boto_iam.py
75.62 KB
Del
OK
boto_iot.py
26.2 KB
Del
OK
boto_kinesis.py
19.62 KB
Del
OK
boto_kms.py
17.29 KB
Del
OK
boto_lambda.py
35.05 KB
Del
OK
boto_rds.py
34.92 KB
Del
OK
boto_route53.py
32.55 KB
Del
OK
boto_s3.py
4.24 KB
Del
OK
boto_s3_bucket.py
31.8 KB
Del
OK
boto_secgroup.py
25.22 KB
Del
OK
boto_sns.py
7.22 KB
Del
OK
boto_sqs.py
6.43 KB
Del
OK
boto_ssm.py
3.63 KB
Del
OK
boto_vpc.py
113.08 KB
Del
OK
bower.py
5.85 KB
Del
OK
bridge.py
10.81 KB
Del
OK
bsd_shadow.py
6.25 KB
Del
OK
btrfs.py
33.66 KB
Del
OK
cabal.py
3.79 KB
Del
OK
capirca_acl.py
40.04 KB
Del
OK
cassandra_cql.py
54.16 KB
Del
OK
cassandra_mod.py
4.3 KB
Del
OK
celery.py
3.33 KB
Del
OK
ceph.py
15.82 KB
Del
OK
chassis.py
1.52 KB
Del
OK
chef.py
4.66 KB
Del
OK
chocolatey.py
41.55 KB
Del
OK
chronos.py
2.89 KB
Del
OK
chroot.py
11.73 KB
Del
OK
cimc.py
23.02 KB
Del
OK
ciscoconfparse_mod.py
14.79 KB
Del
OK
cisconso.py
3.83 KB
Del
OK
cloud.py
9.39 KB
Del
OK
cmdmod.py
163.73 KB
Del
OK
composer.py
10.31 KB
Del
OK
config.py
16.98 KB
Del
OK
consul.py
69.3 KB
Del
OK
container_resource.py
12.94 KB
Del
OK
cp.py
31.98 KB
Del
OK
cpan.py
5.54 KB
Del
OK
cron.py
28.09 KB
Del
OK
cryptdev.py
10.08 KB
Del
OK
csf.py
16.04 KB
Del
OK
cyg.py
8.32 KB
Del
OK
daemontools.py
5.41 KB
Del
OK
data.py
3.85 KB
Del
OK
datadog_api.py
7.76 KB
Del
OK
ddns.py
7.12 KB
Del
OK
deb_apache.py
7.41 KB
Del
OK
deb_postgres.py
4.18 KB
Del
OK
debconfmod.py
4.06 KB
Del
OK
debian_ip.py
64.91 KB
Del
OK
debian_service.py
6.55 KB
Del
OK
debuild_pkgbuild.py
34.68 KB
Del
OK
defaults.py
6.55 KB
Del
OK
devinfo.py
9.07 KB
Del
OK
devmap.py
627 B
Del
OK
dig.py
8.75 KB
Del
OK
disk.py
30.82 KB
Del
OK
djangomod.py
7.53 KB
Del
OK
dnsmasq.py
5.71 KB
Del
OK
dnsutil.py
11.51 KB
Del
OK
dockercompose.py
32.62 KB
Del
OK
dockermod.py
224.85 KB
Del
OK
dpkg_lowpkg.py
12.94 KB
Del
OK
drac.py
10.97 KB
Del
OK
dracr.py
38.53 KB
Del
OK
drbd.py
7.19 KB
Del
OK
dummyproxy_pkg.py
2.46 KB
Del
OK
dummyproxy_service.py
2.91 KB
Del
OK
ebuildpkg.py
38.74 KB
Del
OK
eix.py
1.58 KB
Del
OK
elasticsearch.py
51.44 KB
Del
OK
environ.py
8.96 KB
Del
OK
eselect.py
4.99 KB
Del
OK
esxcluster.py
1.66 KB
Del
OK
esxdatacenter.py
1.68 KB
Del
OK
esxi.py
2.79 KB
Del
OK
esxvm.py
1.63 KB
Del
OK
etcd_mod.py
8.56 KB
Del
OK
ethtool.py
11.12 KB
Del
OK
event.py
7.67 KB
Del
OK
extfs.py
8.78 KB
Del
OK
file.py
232.18 KB
Del
OK
firewalld.py
20.51 KB
Del
OK
freebsd_sysctl.py
4.99 KB
Del
OK
freebsd_update.py
6.19 KB
Del
OK
freebsdjail.py
7.16 KB
Del
OK
freebsdkmod.py
6.17 KB
Del
OK
freebsdpkg.py
17.04 KB
Del
OK
freebsdports.py
13.13 KB
Del
OK
freebsdservice.py
12.53 KB
Del
OK
freezer.py
10.2 KB
Del
OK
gcp_addon.py
4.07 KB
Del
OK
gem.py
10.6 KB
Del
OK
genesis.py
21.75 KB
Del
OK
gentoo_service.py
9.18 KB
Del
OK
gentoolkitmod.py
8.39 KB
Del
OK
git.py
172.01 KB
Del
OK
github.py
53.19 KB
Del
OK
glanceng.py
4.69 KB
Del
OK
glassfish.py
19.49 KB
Del
OK
glusterfs.py
19.55 KB
Del
OK
gnomedesktop.py
6.85 KB
Del
OK
google_chat.py
1.52 KB
Del
OK
gpg.py
39.09 KB
Del
OK
grafana4.py
30.27 KB
Del
OK
grains.py
21.81 KB
Del
OK
groupadd.py
11.87 KB
Del
OK
grub_legacy.py
3.08 KB
Del
OK
guestfs.py
2.37 KB
Del
OK
hadoop.py
3.76 KB
Del
OK
haproxyconn.py
10.17 KB
Del
OK
hashutil.py
6.77 KB
Del
OK
heat.py
25.25 KB
Del
OK
helm.py
39.27 KB
Del
OK
hg.py
7.16 KB
Del
OK
highstate_doc.py
22.76 KB
Del
OK
hosts.py
10.47 KB
Del
OK
http.py
3.76 KB
Del
OK
icinga2.py
4.46 KB
Del
OK
idem.py
1.75 KB
Del
OK
ifttt.py
2.28 KB
Del
OK
ilo.py
15.98 KB
Del
OK
incron.py
7.68 KB
Del
OK
influxdb08mod.py
15.07 KB
Del
OK
influxdbmod.py
16.13 KB
Del
OK
infoblox.py
17.53 KB
Del
OK
ini_manage.py
14.63 KB
Del
OK
inspectlib
-
Del
OK
inspector.py
8.19 KB
Del
OK
introspect.py
4.02 KB
Del
OK
iosconfig.py
14.78 KB
Del
OK
ipmi.py
25.47 KB
Del
OK
ipset.py
17.97 KB
Del
OK
iptables.py
57.44 KB
Del
OK
iwtools.py
3.99 KB
Del
OK
jboss7.py
20.51 KB
Del
OK
jboss7_cli.py
15.23 KB
Del
OK
jenkinsmod.py
11.9 KB
Del
OK
jinja.py
2.66 KB
Del
OK
jira_mod.py
7.07 KB
Del
OK
junos.py
73.96 KB
Del
OK
k8s.py
24.87 KB
Del
OK
kapacitor.py
5.37 KB
Del
OK
kerberos.py
5.42 KB
Del
OK
kernelpkg_linux_apt.py
6.71 KB
Del
OK
kernelpkg_linux_yum.py
7.26 KB
Del
OK
key.py
1007 B
Del
OK
keyboard.py
2.64 KB
Del
OK
keystone.py
43.14 KB
Del
OK
keystoneng.py
21.82 KB
Del
OK
keystore.py
7.18 KB
Del
OK
kmod.py
7.65 KB
Del
OK
kubeadm.py
34.64 KB
Del
OK
kubernetesmod.py
46.77 KB
Del
OK
launchctl_service.py
9.69 KB
Del
OK
layman.py
4.22 KB
Del
OK
ldap3.py
18.81 KB
Del
OK
ldapmod.py
5.9 KB
Del
OK
libcloud_compute.py
23.48 KB
Del
OK
libcloud_dns.py
9.73 KB
Del
OK
libcloud_loadbalancer.py
13.14 KB
Del
OK
libcloud_storage.py
12.16 KB
Del
OK
linux_acl.py
7.7 KB
Del
OK
linux_ip.py
5.55 KB
Del
OK
linux_lvm.py
17.86 KB
Del
OK
linux_service.py
4.64 KB
Del
OK
linux_shadow.py
12.96 KB
Del
OK
linux_sysctl.py
7.5 KB
Del
OK
localemod.py
11.84 KB
Del
OK
locate.py
2.58 KB
Del
OK
logadm.py
9.44 KB
Del
OK
logmod.py
1.25 KB
Del
OK
logrotate.py
7.72 KB
Del
OK
lvs.py
11.54 KB
Del
OK
lxc.py
147.27 KB
Del
OK
lxd.py
90.07 KB
Del
OK
mac_assistive.py
11.37 KB
Del
OK
mac_brew_pkg.py
19.91 KB
Del
OK
mac_desktop.py
2.77 KB
Del
OK
mac_group.py
6.62 KB
Del
OK
mac_keychain.py
6.39 KB
Del
OK
mac_pkgutil.py
2.84 KB
Del
OK
mac_portspkg.py
11.36 KB
Del
OK
mac_power.py
13.29 KB
Del
OK
mac_service.py
19.64 KB
Del
OK
mac_shadow.py
14.23 KB
Del
OK
mac_softwareupdate.py
14.52 KB
Del
OK
mac_sysctl.py
5.13 KB
Del
OK
mac_system.py
15.07 KB
Del
OK
mac_timezone.py
8.34 KB
Del
OK
mac_user.py
16.41 KB
Del
OK
mac_xattr.py
6.27 KB
Del
OK
macdefaults.py
2.33 KB
Del
OK
macpackage.py
6.66 KB
Del
OK
makeconf.py
17.31 KB
Del
OK
mandrill.py
6.31 KB
Del
OK
marathon.py
5.36 KB
Del
OK
match.py
13 KB
Del
OK
mattermost.py
3.4 KB
Del
OK
mdadm_raid.py
9.86 KB
Del
OK
mdata.py
3.38 KB
Del
OK
memcached.py
6.13 KB
Del
OK
mine.py
18.84 KB
Del
OK
minion.py
7.68 KB
Del
OK
mod_random.py
7.18 KB
Del
OK
modjk.py
12.48 KB
Del
OK
mongodb.py
29.75 KB
Del
OK
monit.py
5.51 KB
Del
OK
moosefs.py
3.87 KB
Del
OK
mount.py
58.44 KB
Del
OK
mssql.py
14.64 KB
Del
OK
msteams.py
2.11 KB
Del
OK
munin.py
2.4 KB
Del
OK
mysql.py
90.66 KB
Del
OK
nacl.py
9.72 KB
Del
OK
nagios.py
6.53 KB
Del
OK
nagios_rpc.py
5.09 KB
Del
OK
namecheap_domains.py
12.84 KB
Del
OK
namecheap_domains_dns.py
5.93 KB
Del
OK
namecheap_domains_ns.py
4.51 KB
Del
OK
namecheap_ssl.py
25.69 KB
Del
OK
namecheap_users.py
2.4 KB
Del
OK
napalm_bgp.py
9.72 KB
Del
OK
napalm_formula.py
11.33 KB
Del
OK
napalm_mod.py
61.37 KB
Del
OK
napalm_netacl.py
28.59 KB
Del
OK
napalm_network.py
93.22 KB
Del
OK
napalm_ntp.py
10.22 KB
Del
OK
napalm_probes.py
13.25 KB
Del
OK
napalm_route.py
5.09 KB
Del
OK
napalm_snmp.py
7.05 KB
Del
OK
napalm_users.py
6.49 KB
Del
OK
napalm_yang_mod.py
20.28 KB
Del
OK
netaddress.py
1.6 KB
Del
OK
netbox.py
32.22 KB
Del
OK
netbsd_sysctl.py
3.92 KB
Del
OK
netbsdservice.py
6.43 KB
Del
OK
netmiko_mod.py
19.61 KB
Del
OK
netscaler.py
27.02 KB
Del
OK
network.py
63.42 KB
Del
OK
neutron.py
44.92 KB
Del
OK
neutronng.py
15.02 KB
Del
OK
nexus.py
22.95 KB
Del
OK
nfs3.py
3.9 KB
Del
OK
nftables.py
33.58 KB
Del
OK
nginx.py
3.83 KB
Del
OK
nilrt_ip.py
36.18 KB
Del
OK
nix.py
8.03 KB
Del
OK
nova.py
19.6 KB
Del
OK
npm.py
10.4 KB
Del
OK
nspawn.py
41.35 KB
Del
OK
nxos.py
24.65 KB
Del
OK
nxos_api.py
14.72 KB
Del
OK
nxos_upgrade.py
14.74 KB
Del
OK
omapi.py
3.6 KB
Del
OK
openbsd_sysctl.py
3.74 KB
Del
OK
openbsdpkg.py
10.97 KB
Del
OK
openbsdrcctl_service.py
6.33 KB
Del
OK
openbsdservice.py
8.31 KB
Del
OK
openscap.py
2.81 KB
Del
OK
openstack_config.py
3.21 KB
Del
OK
openstack_mng.py
2.71 KB
Del
OK
openvswitch.py
17.19 KB
Del
OK
opkg.py
49.67 KB
Del
OK
opsgenie.py
3.29 KB
Del
OK
oracle.py
5.82 KB
Del
OK
osquery.py
24.93 KB
Del
OK
out.py
2.53 KB
Del
OK
pacmanpkg.py
31.92 KB
Del
OK
pagerduty.py
4.7 KB
Del
OK
pagerduty_util.py
13.48 KB
Del
OK
pam.py
2.01 KB
Del
OK
panos.py
61.05 KB
Del
OK
parallels.py
19.85 KB
Del
OK
parted_partition.py
21.53 KB
Del
OK
pcs.py
14.11 KB
Del
OK
pdbedit.py
10.79 KB
Del
OK
pecl.py
3.79 KB
Del
OK
peeringdb.py
8.39 KB
Del
OK
pf.py
9.51 KB
Del
OK
philips_hue.py
1.55 KB
Del
OK
pillar.py
21.37 KB
Del
OK
pip.py
53.42 KB
Del
OK
pkg_resource.py
12.3 KB
Del
OK
pkgin.py
17.29 KB
Del
OK
pkgng.py
61.07 KB
Del
OK
pkgutil.py
9.85 KB
Del
OK
portage_config.py
22.73 KB
Del
OK
postfix.py
16.24 KB
Del
OK
postgres.py
88.24 KB
Del
OK
poudriere.py
7.85 KB
Del
OK
powerpath.py
2.57 KB
Del
OK
proxy.py
11.49 KB
Del
OK
ps.py
20.89 KB
Del
OK
publish.py
10.25 KB
Del
OK
puppet.py
10.9 KB
Del
OK
purefa.py
33.59 KB
Del
OK
purefb.py
13.69 KB
Del
OK
pushbullet.py
1.88 KB
Del
OK
pushover_notify.py
3.48 KB
Del
OK
pw_group.py
4.62 KB
Del
OK
pw_user.py
12.47 KB
Del
OK
pyenv.py
6.93 KB
Del
OK
qemu_img.py
1.53 KB
Del
OK
qemu_nbd.py
3.28 KB
Del
OK
quota.py
6.43 KB
Del
OK
rabbitmq.py
38.4 KB
Del
OK
rallydev.py
6.09 KB
Del
OK
random_org.py
23.76 KB
Del
OK
rbac_solaris.py
16.05 KB
Del
OK
rbenv.py
10.75 KB
Del
OK
rdp.py
6.08 KB
Del
OK
rebootmgr.py
7.68 KB
Del
OK
redismod.py
16.36 KB
Del
OK
reg.py
16.36 KB
Del
OK
rest_pkg.py
2.26 KB
Del
OK
rest_sample_utils.py
558 B
Del
OK
rest_service.py
3.63 KB
Del
OK
restartcheck.py
24.1 KB
Del
OK
restconf.py
3.15 KB
Del
OK
ret.py
1.27 KB
Del
OK
rh_ip.py
38.55 KB
Del
OK
rh_service.py
16.61 KB
Del
OK
riak.py
5.19 KB
Del
OK
rpm_lowpkg.py
27.67 KB
Del
OK
rpmbuild_pkgbuild.py
24.53 KB
Del
OK
rsync.py
8.04 KB
Del
OK
runit.py
17.17 KB
Del
OK
rvm.py
11.1 KB
Del
OK
s3.py
9.93 KB
Del
OK
s6.py
3.62 KB
Del
OK
salt_proxy.py
4.48 KB
Del
OK
salt_version.py
4.58 KB
Del
OK
saltcheck.py
46.66 KB
Del
OK
saltcloudmod.py
954 B
Del
OK
saltutil.py
57.49 KB
Del
OK
schedule.py
50.81 KB
Del
OK
scp_mod.py
6.22 KB
Del
OK
scsi.py
2.66 KB
Del
OK
sdb.py
2.48 KB
Del
OK
seed.py
8.87 KB
Del
OK
selinux.py
24.2 KB
Del
OK
sensehat.py
7.79 KB
Del
OK
sensors.py
1.3 KB
Del
OK
serverdensity_device.py
8.1 KB
Del
OK
servicenow.py
4.36 KB
Del
OK
slack_notify.py
7.83 KB
Del
OK
slackware_service.py
6.84 KB
Del
OK
slsutil.py
19.04 KB
Del
OK
smartos_imgadm.py
12.04 KB
Del
OK
smartos_nictagadm.py
6.46 KB
Del
OK
smartos_virt.py
5.21 KB
Del
OK
smartos_vmadm.py
26.2 KB
Del
OK
smbios.py
10.05 KB
Del
OK
smf_service.py
8.52 KB
Del
OK
smtp.py
5.41 KB
Del
OK
snapper.py
27.14 KB
Del
OK
solaris_fmadm.py
11.2 KB
Del
OK
solaris_group.py
2.8 KB
Del
OK
solaris_shadow.py
7.98 KB
Del
OK
solaris_system.py
3.72 KB
Del
OK
solaris_user.py
11.06 KB
Del
OK
solarisipspkg.py
18.68 KB
Del
OK
solarispkg.py
15.4 KB
Del
OK
solr.py
45.54 KB
Del
OK
solrcloud.py
14.63 KB
Del
OK
splunk.py
8.14 KB
Del
OK
splunk_search.py
8.76 KB
Del
OK
sqlite3.py
2.54 KB
Del
OK
ssh.py
43.89 KB
Del
OK
ssh_pkg.py
1.08 KB
Del
OK
ssh_service.py
3.39 KB
Del
OK
state.py
82.34 KB
Del
OK
status.py
57.79 KB
Del
OK
statuspage.py
14.67 KB
Del
OK
supervisord.py
11.15 KB
Del
OK
suse_apache.py
2.45 KB
Del
OK
suse_ip.py
35.72 KB
Del
OK
svn.py
10.75 KB
Del
OK
swarm.py
13.5 KB
Del
OK
swift.py
5.53 KB
Del
OK
sysbench.py
6.62 KB
Del
OK
sysfs.py
6.61 KB
Del
OK
syslog_ng.py
31.52 KB
Del
OK
sysmod.py
22.59 KB
Del
OK
sysrc.py
3.38 KB
Del
OK
system.py
19.28 KB
Del
OK
system_profiler.py
3.54 KB
Del
OK
systemd_service.py
46.29 KB
Del
OK
telegram.py
3.28 KB
Del
OK
telemetry.py
12.87 KB
Del
OK
temp.py
831 B
Del
OK
test.py
15.4 KB
Del
OK
test_virtual.py
237 B
Del
OK
testinframod.py
9.92 KB
Del
OK
textfsm_mod.py
16.22 KB
Del
OK
timezone.py
19.98 KB
Del
OK
tls.py
58.63 KB
Del
OK
tomcat.py
18.59 KB
Del
OK
trafficserver.py
10.44 KB
Del
OK
transactional_update.py
35.83 KB
Del
OK
travisci.py
2.05 KB
Del
OK
tuned.py
2.34 KB
Del
OK
twilio_notify.py
2.95 KB
Del
OK
udev.py
3.72 KB
Del
OK
upstart_service.py
16.92 KB
Del
OK
uptime.py
3.23 KB
Del
OK
useradd.py
22.63 KB
Del
OK
uwsgi.py
996 B
Del
OK
vagrant.py
20.4 KB
Del
OK
varnish.py
3.08 KB
Del
OK
vault.py
15.61 KB
Del
OK
vbox_guest.py
10.55 KB
Del
OK
vboxmanage.py
14.71 KB
Del
OK
vcenter.py
1.61 KB
Del
OK
victorops.py
6.54 KB
Del
OK
virt.py
287.71 KB
Del
OK
virtualenv_mod.py
15.09 KB
Del
OK
vmctl.py
9.56 KB
Del
OK
vsphere.py
380.41 KB
Del
OK
webutil.py
3.66 KB
Del
OK
win_auditpol.py
4.74 KB
Del
OK
win_autoruns.py
2.29 KB
Del
OK
win_certutil.py
4.55 KB
Del
OK
win_dacl.py
32.27 KB
Del
OK
win_disk.py
1.8 KB
Del
OK
win_dism.py
20.7 KB
Del
OK
win_dns_client.py
4.19 KB
Del
OK
win_dsc.py
27.54 KB
Del
OK
win_event.py
22.32 KB
Del
OK
win_file.py
64.39 KB
Del
OK
win_firewall.py
20.15 KB
Del
OK
win_groupadd.py
11.27 KB
Del
OK
win_iis.py
68.78 KB
Del
OK
win_ip.py
11.43 KB
Del
OK
win_lgpo.py
491.76 KB
Del
OK
win_lgpo_reg.py
17.9 KB
Del
OK
win_license.py
2.72 KB
Del
OK
win_network.py
13.9 KB
Del
OK
win_ntp.py
1.8 KB
Del
OK
win_path.py
11.12 KB
Del
OK
win_pkg.py
86.43 KB
Del
OK
win_pki.py
15.8 KB
Del
OK
win_powercfg.py
9.85 KB
Del
OK
win_psget.py
8.97 KB
Del
OK
win_servermanager.py
14.21 KB
Del
OK
win_service.py
32.96 KB
Del
OK
win_shadow.py
3.03 KB
Del
OK
win_shortcut.py
16.49 KB
Del
OK
win_smtp_server.py
17.67 KB
Del
OK
win_snmp.py
13.38 KB
Del
OK
win_status.py
16.94 KB
Del
OK
win_system.py
40.61 KB
Del
OK
win_task.py
79.17 KB
Del
OK
win_timezone.py
13.3 KB
Del
OK
win_useradd.py
27.39 KB
Del
OK
win_wua.py
38.29 KB
Del
OK
win_wusa.py
5.88 KB
Del
OK
winrepo.py
6.09 KB
Del
OK
wordpress.py
4.71 KB
Del
OK
x509.py
63.1 KB
Del
OK
x509_v2.py
74.15 KB
Del
OK
xapi_virt.py
24.07 KB
Del
OK
xbpspkg.py
15.84 KB
Del
OK
xfs.py
15.35 KB
Del
OK
xml.py
2.14 KB
Del
OK
xmpp.py
5.28 KB
Del
OK
yaml.py
1.94 KB
Del
OK
yumpkg.py
116.5 KB
Del
OK
zabbix.py
97.55 KB
Del
OK
zcbuildout.py
28.16 KB
Del
OK
zenoss.py
5.64 KB
Del
OK
zfs.py
34.44 KB
Del
OK
zk_concurrency.py
11.16 KB
Del
OK
znc.py
2.26 KB
Del
OK
zoneadm.py
15.05 KB
Del
OK
zonecfg.py
21.85 KB
Del
OK
zookeeper.py
14.72 KB
Del
OK
zpool.py
44.02 KB
Del
OK
zypperpkg.py
94.87 KB
Del
OK
Edit: ssh.py
""" Manage client ssh components .. note:: This module requires the use of MD5 hashing. Certain security audits may not permit the use of MD5. For those cases, this module should be disabled or removed. """ import base64 import binascii import hashlib import logging import os import re import subprocess import salt.utils.data import salt.utils.decorators.path import salt.utils.files import salt.utils.path import salt.utils.platform import salt.utils.stringutils from salt.exceptions import CommandExecutionError, SaltInvocationError log = logging.getLogger(__name__) DEFAULT_SSH_PORT = 22 def __virtual__(): if not salt.utils.path.which("ssh"): return False, "The module requires the ssh binary." return True def _refine_enc(enc): """ Return the properly formatted ssh value for the authorized encryption key type. ecdsa defaults to 256 bits, must give full ecdsa enc schema string if using higher enc. If the type is not found, raise CommandExecutionError. """ rsa = ["r", "rsa", "ssh-rsa"] dss = ["d", "dsa", "dss", "ssh-dss"] ecdsa = [ "e", "ecdsa", "ecdsa-sha2-nistp521", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp256", ] ed25519 = ["ed25519", "ssh-ed25519"] also_allowed = [ "rsa-sha2-512", "rsa-sha2-256", "rsa-sha2-512-cert-v01@openssh.com", "rsa-sha2-256-cert-v01@openssh.com", "ssh-rsa-cert-v01@openssh.com", "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ecdsa-sha2-nistp521-cert-v01@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com", "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com", "ssh-ed25519-cert-v01@openssh.com", "sk-ssh-ed25519@openssh.com", "sk-ssh-ed25519-cert-v01@openssh.com", ] if enc in rsa: return "ssh-rsa" elif enc in dss: return "ssh-dss" elif enc in ecdsa: # ecdsa defaults to ecdsa-sha2-nistp256 # otherwise enc string is actual encoding string if enc in ["e", "ecdsa"]: return "ecdsa-sha2-nistp256" return enc elif enc in ed25519: return "ssh-ed25519" elif enc in also_allowed: return enc else: raise CommandExecutionError("Incorrect encryption key type '{}'.".format(enc)) def _format_auth_line(key, enc, comment, options): """ Properly format user input. """ line = "" if options: line += "{} ".format(",".join(options)) line += "{} {} {}\n".format(enc, key, comment) return line def _expand_authorized_keys_path(path, user, home): """ Expand the AuthorizedKeysFile expression. Defined in man sshd_config(5) """ converted_path = "" had_escape = False for char in path: if had_escape: had_escape = False if char == "%": converted_path += "%" elif char == "u": converted_path += user elif char == "h": converted_path += home else: error = 'AuthorizedKeysFile path: unknown token character "%{}"'.format( char ) raise CommandExecutionError(error) continue elif char == "%": had_escape = True else: converted_path += char if had_escape: error = "AuthorizedKeysFile path: Last character can't be escape character" raise CommandExecutionError(error) return converted_path def _get_config_file(user, config): """ Get absolute path to a user's ssh_config. """ uinfo = __salt__["user.info"](user) if not uinfo: raise CommandExecutionError("User '{}' does not exist".format(user)) home = uinfo["home"] config = _expand_authorized_keys_path(config, user, home) if not os.path.isabs(config): config = os.path.join(home, config) return config def _replace_auth_key( user, key, enc="ssh-rsa", comment="", options=None, config=".ssh/authorized_keys" ): """ Replace an existing key """ auth_line = _format_auth_line(key, enc, comment, options or []) lines = [] full = _get_config_file(user, config) try: # open the file for both reading AND writing with salt.utils.files.fopen(full, "r") as _fh: for line in _fh: # We don't need any whitespace-only containing lines or arbitrary doubled newlines line = salt.utils.stringutils.to_unicode(line.strip()) if line == "": continue line += "\n" if line.startswith("#"): # Commented Line lines.append(line) continue comps = re.findall( r"((.*)\s)?((?:sk-)?(?:ssh|ecdsa)-[a-z0-9@.-]+)\s([a-zA-Z0-9+/]+={0,2})(\s(.*))?", line, ) if comps and len(comps[0]) > 3 and comps[0][3] == key: # Found our key, replace it lines.append(auth_line) else: lines.append(line) _fh.close() # Re-open the file writable after properly closing it with salt.utils.files.fopen(full, "wb") as _fh: # Write out any changes _fh.writelines(salt.utils.data.encode(lines)) except OSError as exc: raise CommandExecutionError( "Problem reading or writing to key file: {}".format(exc) ) def _validate_keys(key_file, fingerprint_hash_type): """ Return a dict containing validated keys in the passed file """ ret = {} linere = re.compile(r"^(.*?)\s?((?:sk-)?(?:ssh\-|ecds)[\w@.-]+\s.+)$") try: with salt.utils.files.fopen(key_file, "r") as _fh: for line in _fh: # We don't need any whitespace-only containing lines or arbitrary doubled newlines line = salt.utils.stringutils.to_unicode(line.strip()) if line == "": continue line += "\n" if line.startswith("#"): # Commented Line continue # get "{options} key" search = re.search(linere, line) if not search: # not an auth ssh key, perhaps a blank line continue opts = search.group(1) comps = search.group(2).split() if len(comps) < 2: # Not a valid line continue if opts: # It has options, grab them options = opts.split(",") else: options = [] enc = comps[0] key = comps[1] comment = " ".join(comps[2:]) fingerprint = _fingerprint(key, fingerprint_hash_type) if fingerprint is None: continue ret[key] = { "enc": enc, "comment": comment, "options": options, "fingerprint": fingerprint, } except OSError: raise CommandExecutionError("Problem reading ssh key file {}".format(key_file)) return ret def _fingerprint(public_key, fingerprint_hash_type): """ Return a public key fingerprint based on its base64-encoded representation The fingerprint string is formatted according to RFC 4716 (ch.4), that is, in the form "xx:xx:...:xx" If the key is invalid (incorrect base64 string), return None public_key The public key to return the fingerprint for fingerprint_hash_type The public key fingerprint hash type that the public key fingerprint was originally hashed with. This defaults to ``sha256`` if not specified. .. versionadded:: 2016.11.4 .. versionchanged:: 2017.7.0 default changed from ``md5`` to ``sha256`` """ if fingerprint_hash_type: hash_type = fingerprint_hash_type.lower() else: hash_type = "sha256" try: hash_func = getattr(hashlib, hash_type) except AttributeError: raise CommandExecutionError( "The fingerprint_hash_type {} is not supported.".format(hash_type) ) try: raw_key = base64.b64decode(public_key, validate=True) # pylint: disable=E1123 except binascii.Error: return None ret = hash_func(raw_key).hexdigest() chunks = [ret[i : i + 2] for i in range(0, len(ret), 2)] return ":".join(chunks) def _get_known_hosts_file(config=None, user=None): if user: config = config or ".ssh/known_hosts" else: config = config or "/etc/ssh/ssh_known_hosts" if os.path.isabs(config): full = config else: if user: uinfo = __salt__["user.info"](user) if not uinfo: return { "status": "error", "error": "User {} does not exist".format(user), } full = os.path.join(uinfo["home"], config) else: return { "status": "error", "error": "Cannot determine absolute path to file.", } return full def host_keys(keydir=None, private=True, certs=True): """ Return the minion's host keys CLI Example: .. code-block:: bash salt '*' ssh.host_keys salt '*' ssh.host_keys keydir=/etc/ssh salt '*' ssh.host_keys keydir=/etc/ssh private=False salt '*' ssh.host_keys keydir=/etc/ssh certs=False """ # TODO: support parsing sshd_config for the key directory if not keydir: if __grains__["kernel"] == "Linux": keydir = "/etc/ssh" else: # If keydir is None, os.listdir() will blow up raise SaltInvocationError("ssh.host_keys: Please specify a keydir") keys = {} fnre = re.compile(r"ssh_host_(?P<type>.+)_key(?P<pub>(?P<cert>-cert)?\.pub)?") for fn_ in os.listdir(keydir): m = fnre.match(fn_) if m: if not m.group("pub") and private is False: log.info("Skipping private key file %s as private is set to False", fn_) continue if m.group("cert") and certs is False: log.info("Skipping key file %s as certs is set to False", fn_) continue kname = m.group("type") if m.group("pub"): kname += m.group("pub") try: with salt.utils.files.fopen(os.path.join(keydir, fn_), "r") as _fh: # As of RFC 4716 "a key file is a text file, containing a # sequence of lines", although some SSH implementations # (e.g. OpenSSH) manage their own format(s). Please see # #20708 for a discussion about how to handle SSH key files # in the future keys[kname] = salt.utils.stringutils.to_unicode(_fh.readline()) # only read the whole file if it is not in the legacy 1.1 # binary format if keys[kname] != "SSH PRIVATE KEY FILE FORMAT 1.1\n": keys[kname] += salt.utils.stringutils.to_unicode(_fh.read()) keys[kname] = keys[kname].strip() except OSError: keys[kname] = "" return keys def auth_keys(user=None, config=".ssh/authorized_keys", fingerprint_hash_type=None): """ Return the authorized keys for users CLI Example: .. code-block:: bash salt '*' ssh.auth_keys salt '*' ssh.auth_keys root salt '*' ssh.auth_keys user=root salt '*' ssh.auth_keys user="[user1, user2]" """ if not user: user = __salt__["user.list_users"]() old_output_when_one_user = False if not isinstance(user, list): user = [user] old_output_when_one_user = True keys = {} for u in user: full = None try: full = _get_config_file(u, config) except CommandExecutionError: pass if full and os.path.isfile(full): keys[u] = _validate_keys(full, fingerprint_hash_type) if old_output_when_one_user: if user[0] in keys: return keys[user[0]] else: return {} return keys def check_key_file( user, source, config=".ssh/authorized_keys", saltenv="base", fingerprint_hash_type=None, ): """ Check a keyfile from a source destination against the local keys and return the keys to change CLI Example: .. code-block:: bash salt '*' ssh.check_key_file root salt://ssh/keyfile """ keyfile = __salt__["cp.cache_file"](source, saltenv) if not keyfile: return {} s_keys = _validate_keys(keyfile, fingerprint_hash_type) if not s_keys: err = "No keys detected in {}. Is file properly formatted?".format(source) log.error(err) __context__["ssh_auth.error"] = err return {} else: ret = {} for key in s_keys: ret[key] = check_key( user, key, s_keys[key]["enc"], s_keys[key]["comment"], s_keys[key]["options"], config=config, fingerprint_hash_type=fingerprint_hash_type, ) return ret def check_key( user, key, enc, comment, options, config=".ssh/authorized_keys", cache_keys=None, fingerprint_hash_type=None, ): """ Check to see if a key needs updating, returns "update", "add" or "exists" CLI Example: .. code-block:: bash salt '*' ssh.check_key <user> <key> <enc> <comment> <options> """ if cache_keys is None: cache_keys = [] enc = _refine_enc(enc) current = auth_keys( user, config=config, fingerprint_hash_type=fingerprint_hash_type ) nline = _format_auth_line(key, enc, comment, options) # Removing existing keys from the auth_keys isn't really a good idea # in fact # # as: # - We can have non-salt managed keys in that file # - We can have multiple states defining keys for an user # and with such code only one state will win # the remove all-other-keys war # # if cache_keys: # for pub_key in set(current).difference(set(cache_keys)): # rm_auth_key(user, pub_key) if key in current: cline = _format_auth_line( key, current[key]["enc"], current[key]["comment"], current[key]["options"] ) if cline != nline: return "update" else: return "add" return "exists" def rm_auth_key_from_file( user, source, config=".ssh/authorized_keys", saltenv="base", fingerprint_hash_type=None, ): """ Remove an authorized key from the specified user's authorized key file, using a file as source CLI Example: .. code-block:: bash salt '*' ssh.rm_auth_key_from_file <user> salt://ssh_keys/<user>.id_rsa.pub """ lfile = __salt__["cp.cache_file"](source, saltenv) if not os.path.isfile(lfile): raise CommandExecutionError("Failed to pull key file from salt file server") s_keys = _validate_keys(lfile, fingerprint_hash_type) if not s_keys: err = "No keys detected in {}. Is file properly formatted?".format(source) log.error(err) __context__["ssh_auth.error"] = err return "fail" else: rval = "" for key in s_keys: rval += rm_auth_key( user, key, config=config, fingerprint_hash_type=fingerprint_hash_type ) # Due to the ability for a single file to have multiple keys, it's # possible for a single call to this function to have both "replace" # and "new" as possible valid returns. I ordered the following as I # thought best. if "Key not removed" in rval: return "Key not removed" elif "Key removed" in rval: return "Key removed" else: return "Key not present" def rm_auth_key(user, key, config=".ssh/authorized_keys", fingerprint_hash_type=None): """ Remove an authorized key from the specified user's authorized key file CLI Example: .. code-block:: bash salt '*' ssh.rm_auth_key <user> <key> """ current = auth_keys( user, config=config, fingerprint_hash_type=fingerprint_hash_type ) linere = re.compile(r"^(.*?)\s?((?:sk-)?(?:ssh\-|ecds)[\w@.-]+\s.+)$") if key in current: # Remove the key full = _get_config_file(user, config) # Return something sensible if the file doesn't exist if not os.path.isfile(full): return "Authorized keys file {} not present".format(full) lines = [] try: # Read every line in the file to find the right ssh key # and then write out the correct one. Open the file once with salt.utils.files.fopen(full, "r") as _fh: for line in _fh: # We don't need any whitespace-only containing lines or arbitrary doubled newlines line = salt.utils.stringutils.to_unicode(line.strip()) if line == "": continue line += "\n" if line.startswith("#"): # Commented Line lines.append(line) continue # get "{options} key" search = re.search(linere, line) if not search: # not an auth ssh key, perhaps a blank line continue comps = search.group(2).split() if len(comps) < 2: # Not a valid line lines.append(line) continue pkey = comps[1] # This is the key we are "deleting", so don't put # it in the list of keys to be re-added back if pkey == key: continue lines.append(line) # Let the context manager do the right thing here and then # re-open the file in write mode to save the changes out. with salt.utils.files.fopen(full, "wb") as _fh: _fh.writelines(salt.utils.data.encode(lines)) except OSError as exc: log.warning("Could not read/write key file: %s", exc) return "Key not removed" return "Key removed" # TODO: Should this function return a simple boolean? return "Key not present" def set_auth_key_from_file( user, source, config=".ssh/authorized_keys", saltenv="base", fingerprint_hash_type=None, ): """ Add a key to the authorized_keys file, using a file as the source. CLI Example: .. code-block:: bash salt '*' ssh.set_auth_key_from_file <user> salt://ssh_keys/<user>.id_rsa.pub """ # TODO: add support for pulling keys from other file sources as well lfile = __salt__["cp.cache_file"](source, saltenv) if not os.path.isfile(lfile): raise CommandExecutionError("Failed to pull key file from salt file server") s_keys = _validate_keys(lfile, fingerprint_hash_type) if not s_keys: err = "No keys detected in {}. Is file properly formatted?".format(source) log.error(err) __context__["ssh_auth.error"] = err return "fail" else: rval = "" for key in s_keys: rval += set_auth_key( user, key, enc=s_keys[key]["enc"], comment=s_keys[key]["comment"], options=s_keys[key]["options"], config=config, cache_keys=list(s_keys.keys()), fingerprint_hash_type=fingerprint_hash_type, ) # Due to the ability for a single file to have multiple keys, it's # possible for a single call to this function to have both "replace" # and "new" as possible valid returns. I ordered the following as I # thought best. if "fail" in rval: return "fail" elif "replace" in rval: return "replace" elif "new" in rval: return "new" else: return "no change" def set_auth_key( user, key, enc="ssh-rsa", comment="", options=None, config=".ssh/authorized_keys", cache_keys=None, fingerprint_hash_type=None, ): """ Add a key to the authorized_keys file. The "key" parameter must only be the string of text that is the encoded key. If the key begins with "ssh-rsa" or ends with user@host, remove those from the key before passing it to this function. CLI Example: .. code-block:: bash salt '*' ssh.set_auth_key <user> '<key>' enc='dsa' """ if cache_keys is None: cache_keys = [] if len(key.split()) > 1: return "invalid" enc = _refine_enc(enc) uinfo = __salt__["user.info"](user) if not uinfo: return "fail" # A 'valid key' to us pretty much means 'decodable as base64', which is # the same filtering done when reading the authorized_keys file. Apply # the same check to ensure we don't insert anything that will not # subsequently be read) key_is_valid = _fingerprint(key, fingerprint_hash_type) is not None if not key_is_valid: return "Invalid public key" status = check_key( user, key, enc, comment, options, config=config, cache_keys=cache_keys, fingerprint_hash_type=fingerprint_hash_type, ) if status == "update": _replace_auth_key(user, key, enc, comment, options or [], config) return "replace" elif status == "exists": return "no change" else: auth_line = _format_auth_line(key, enc, comment, options) fconfig = _get_config_file(user, config) # Fail if the key lives under the user's homedir, and the homedir # doesn't exist udir = uinfo.get("home", "") if fconfig.startswith(udir) and not os.path.isdir(udir): return "fail" if not os.path.isdir(os.path.dirname(fconfig)): dpath = os.path.dirname(fconfig) os.makedirs(dpath) if not salt.utils.platform.is_windows(): if os.geteuid() == 0: os.chown(dpath, uinfo["uid"], uinfo["gid"]) os.chmod(dpath, 448) # If SELINUX is available run a restorecon on the file rcon = salt.utils.path.which("restorecon") if rcon: cmd = [rcon, dpath] subprocess.call(cmd) if not os.path.isfile(fconfig): new_file = True else: new_file = False try: with salt.utils.files.fopen(fconfig, "ab+") as _fh: if new_file is False: # Let's make sure we have a new line at the end of the file _fh.seek(0, 2) if _fh.tell() > 0: # File isn't empty, check if last byte is a newline # If not, add one _fh.seek(-1, 2) if _fh.read(1) != b"\n": _fh.write(b"\n") _fh.write(salt.utils.stringutils.to_bytes(auth_line)) except OSError as exc: msg = "Could not write to key file: {0}" raise CommandExecutionError(msg.format(exc)) if new_file: if not salt.utils.platform.is_windows(): if os.geteuid() == 0: os.chown(fconfig, uinfo["uid"], uinfo["gid"]) os.chmod(fconfig, 384) # If SELINUX is available run a restorecon on the file rcon = salt.utils.path.which("restorecon") if rcon: cmd = [rcon, fconfig] subprocess.call(cmd) return "new" def _get_matched_host_line_numbers(lines, enc): """ Helper function which parses ssh-keygen -F function output and yield line number of known_hosts entries with encryption key type matching enc, one by one. """ enc = enc if enc else "rsa" for i, line in enumerate(lines): if i % 2 == 0: line_no = int(line.strip().split()[-1]) line_enc = lines[i + 1].strip().split()[-2] if line_enc != enc: continue yield line_no def _parse_openssh_output(lines, fingerprint_hash_type=None): """ Helper function which parses ssh-keygen -F and ssh-keyscan function output and yield dict with keys information, one by one. """ for line in lines: # We don't need any whitespace-only containing lines or arbitrary doubled newlines line = line.strip() if line == "": continue line += "\n" if line.startswith("#"): continue try: hostname, enc, key = line.split() except ValueError: # incorrect format continue fingerprint = _fingerprint(key, fingerprint_hash_type=fingerprint_hash_type) if not fingerprint: continue yield {"hostname": hostname, "key": key, "enc": enc, "fingerprint": fingerprint} @salt.utils.decorators.path.which("ssh-keygen") def get_known_host_entries( user, hostname, config=None, port=None, fingerprint_hash_type=None ): """ .. versionadded:: 2018.3.0 Return information about known host entries from the configfile, if any. If there are no entries for a matching hostname, return None. CLI Example: .. code-block:: bash salt '*' ssh.get_known_host_entries <user> <hostname> """ full = _get_known_hosts_file(config=config, user=user) if isinstance(full, dict): return full ssh_hostname = _hostname_and_port_to_ssh_hostname(hostname, port) cmd = ["ssh-keygen", "-F", ssh_hostname, "-f", full] lines = __salt__["cmd.run"]( cmd, ignore_retcode=True, python_shell=False ).splitlines() known_host_entries = list( _parse_openssh_output(lines, fingerprint_hash_type=fingerprint_hash_type) ) return known_host_entries if known_host_entries else None @salt.utils.decorators.path.which("ssh-keyscan") def recv_known_host_entries( hostname, enc=None, port=None, hash_known_hosts=True, timeout=5, fingerprint_hash_type=None, ): """ .. versionadded:: 2018.3.0 Retrieve information about host public keys from remote server hostname The name of the remote host (e.g. "github.com") enc Defines what type of key is being used, can be ed25519, ecdsa, ssh-rsa, ssh-dss or any other type as of openssh server version 8.7. port Optional parameter, denoting the port of the remote host on which an SSH daemon is running. By default the port 22 is used. hash_known_hosts : True Hash all hostnames and addresses in the known hosts file. timeout : int Set the timeout for connection attempts. If ``timeout`` seconds have elapsed since a connection was initiated to a host or since the last time anything was read from that host, then the connection is closed and the host in question considered unavailable. Default is 5 seconds. fingerprint_hash_type The fingerprint hash type that the public key fingerprints were originally hashed with. This defaults to ``sha256`` if not specified. .. versionadded:: 2016.11.4 .. versionchanged:: 2017.7.0 default changed from ``md5`` to ``sha256`` CLI Example: .. code-block:: bash salt '*' ssh.recv_known_host_entries <hostname> enc=<enc> port=<port> """ # The following list of OSes have an old version of openssh-clients # and thus require the '-t' option for ssh-keyscan need_dash_t = ("CentOS-5",) cmd = ["ssh-keyscan"] if port: cmd.extend(["-p", port]) if enc: cmd.extend(["-t", enc]) if not enc and __grains__.get("osfinger") in need_dash_t: cmd.extend(["-t", "rsa"]) if hash_known_hosts: cmd.append("-H") cmd.extend(["-T", str(timeout)]) cmd.append(hostname) lines = None attempts = 5 while not lines and attempts > 0: attempts = attempts - 1 lines = __salt__["cmd.run"](cmd, python_shell=False).splitlines() known_host_entries = list( _parse_openssh_output(lines, fingerprint_hash_type=fingerprint_hash_type) ) return known_host_entries if known_host_entries else None def check_known_host( user=None, hostname=None, key=None, fingerprint=None, config=None, port=None, fingerprint_hash_type=None, ): """ Check the record in known_hosts file, either by its value or by fingerprint (it's enough to set up either key or fingerprint, you don't need to set up both). If provided key or fingerprint doesn't match with stored value, return "update", if no value is found for a given host, return "add", otherwise return "exists". If neither key, nor fingerprint is defined, then additional validation is not performed. CLI Example: .. code-block:: bash salt '*' ssh.check_known_host <user> <hostname> key='AAAA...FAaQ==' """ if not hostname: return {"status": "error", "error": "hostname argument required"} if not user: config = config or "/etc/ssh/ssh_known_hosts" else: config = config or ".ssh/known_hosts" known_host_entries = get_known_host_entries( user, hostname, config=config, port=port, fingerprint_hash_type=fingerprint_hash_type, ) known_keys = [h["key"] for h in known_host_entries] if known_host_entries else [] known_fingerprints = ( [h["fingerprint"] for h in known_host_entries] if known_host_entries else [] ) if not known_host_entries: return "add" if key: return "exists" if key in known_keys else "update" elif fingerprint: return "exists" if fingerprint in known_fingerprints else "update" else: return "exists" def rm_known_host(user=None, hostname=None, config=None, port=None): """ Remove all keys belonging to hostname from a known_hosts file. CLI Example: .. code-block:: bash salt '*' ssh.rm_known_host <user> <hostname> """ if not hostname: return {"status": "error", "error": "hostname argument required"} full = _get_known_hosts_file(config=config, user=user) if isinstance(full, dict): return full if not os.path.isfile(full): return { "status": "error", "error": "Known hosts file {} does not exist".format(full), } ssh_hostname = _hostname_and_port_to_ssh_hostname(hostname, port) cmd = ["ssh-keygen", "-R", ssh_hostname, "-f", full] cmd_result = __salt__["cmd.run"](cmd, python_shell=False) if not salt.utils.platform.is_windows(): # ssh-keygen creates a new file, thus a chown is required. if os.geteuid() == 0 and user: uinfo = __salt__["user.info"](user) os.chown(full, uinfo["uid"], uinfo["gid"]) return {"status": "removed", "comment": cmd_result} def set_known_host( user=None, hostname=None, fingerprint=None, key=None, port=None, enc=None, config=None, hash_known_hosts=True, timeout=5, fingerprint_hash_type=None, ): """ Download SSH public key from remote host "hostname", optionally validate its fingerprint against "fingerprint" variable and save the record in the known_hosts file. If such a record does already exists in there, do nothing. user The user who owns the ssh authorized keys file to modify hostname The name of the remote host (e.g. "github.com") fingerprint The fingerprint of the key which must be present in the known_hosts file (optional if key specified) key The public key which must be presented in the known_hosts file (optional if fingerprint specified) port optional parameter, denoting the port of the remote host, which will be used in case, if the public key will be requested from it. By default the port 22 is used. enc Defines what type of key is being used, can be ed25519, ecdsa, ssh-rsa, ssh-dss or any other type as of openssh server version 8.7. config The location of the authorized keys file relative to the user's home directory, defaults to ".ssh/known_hosts". If no user is specified, defaults to "/etc/ssh/ssh_known_hosts". If present, must be an absolute path when a user is not specified. hash_known_hosts : True Hash all hostnames and addresses in the known hosts file. timeout : int Set the timeout for connection attempts. If ``timeout`` seconds have elapsed since a connection was initiated to a host or since the last time anything was read from that host, then the connection is closed and the host in question considered unavailable. Default is 5 seconds. .. versionadded:: 2016.3.0 fingerprint_hash_type The public key fingerprint hash type that the public key fingerprint was originally hashed with. This defaults to ``sha256`` if not specified. .. versionadded:: 2016.11.4 .. versionchanged:: 2017.7.0 default changed from ``md5`` to ``sha256`` CLI Example: .. code-block:: bash salt '*' ssh.set_known_host <user> fingerprint='xx:xx:..:xx' enc='ssh-rsa' config='.ssh/known_hosts' """ if not hostname: return {"status": "error", "error": "hostname argument required"} if port is not None and port != DEFAULT_SSH_PORT and hash_known_hosts: return { "status": "error", "error": ( "argument port can not be used in " "conjunction with argument hash_known_hosts" ), } update_required = False check_required = False stored_host_entries = get_known_host_entries( user, hostname, config=config, port=port, fingerprint_hash_type=fingerprint_hash_type, ) stored_keys = [h["key"] for h in stored_host_entries] if stored_host_entries else [] stored_fingerprints = ( [h["fingerprint"] for h in stored_host_entries] if stored_host_entries else [] ) if not stored_host_entries: update_required = True elif fingerprint and fingerprint not in stored_fingerprints: update_required = True elif key and key not in stored_keys: update_required = True elif key is None and fingerprint is None: check_required = True if not update_required and not check_required: return {"status": "exists", "keys": stored_keys} if not key: remote_host_entries = recv_known_host_entries( hostname, enc=enc, port=port, hash_known_hosts=hash_known_hosts, timeout=timeout, fingerprint_hash_type=fingerprint_hash_type, ) # pylint: disable=not-an-iterable known_keys = ( [h["key"] for h in remote_host_entries] if remote_host_entries else [] ) known_fingerprints = ( [h["fingerprint"] for h in remote_host_entries] if remote_host_entries else [] ) # pylint: enable=not-an-iterable if not remote_host_entries: return {"status": "error", "error": "Unable to receive remote host keys"} if fingerprint and fingerprint not in known_fingerprints: return { "status": "error", "error": ( "Remote host public keys found but none of their " "fingerprints match the one you have provided" ), } if check_required: for key in known_keys: if key in stored_keys: return {"status": "exists", "keys": stored_keys} full = _get_known_hosts_file(config=config, user=user) if isinstance(full, dict): return full if os.path.isfile(full): origmode = os.stat(full).st_mode # remove existing known_host entry with matching hostname and encryption key type # use ssh-keygen -F to find the specific line(s) for this host + enc combo ssh_hostname = _hostname_and_port_to_ssh_hostname(hostname, port) cmd = ["ssh-keygen", "-F", ssh_hostname, "-f", full] lines = __salt__["cmd.run"]( cmd, ignore_retcode=True, python_shell=False ).splitlines() remove_lines = list(_get_matched_host_line_numbers(lines, enc)) if remove_lines: try: with salt.utils.files.fopen(full, "r+") as ofile: known_hosts_lines = salt.utils.data.decode(list(ofile)) # Delete from last line to first to avoid invalidating earlier indexes for line_no in sorted(remove_lines, reverse=True): del known_hosts_lines[line_no - 1] # Write out changed known_hosts file ofile.seek(0) ofile.truncate() ofile.writelines( salt.utils.data.decode(known_hosts_lines, to_str=True) ) except OSError as exception: raise CommandExecutionError( "Couldn't remove old entry(ies) from known hosts file: '{}'".format( exception ) ) else: origmode = None # set up new value if key: remote_host_entries = [{"hostname": hostname, "enc": enc, "key": key}] lines = [] for entry in remote_host_entries: if ( hash_known_hosts or port in [DEFAULT_SSH_PORT, None] or ":" in entry["hostname"] ): line = "{hostname} {enc} {key}\n".format(**entry) else: entry["port"] = port line = "[{hostname}]:{port} {enc} {key}\n".format(**entry) lines.append(line) # ensure ~/.ssh exists ssh_dir = os.path.dirname(full) if user: uinfo = __salt__["user.info"](user) try: log.debug('Ensuring ssh config dir "%s" exists', ssh_dir) os.makedirs(ssh_dir) except OSError as exc: if exc.args[1] == "Permission denied": log.error("Unable to create directory %s: %s", ssh_dir, exc.args[1]) elif exc.args[1] == "File exists": log.debug("%s already exists, no need to create it", ssh_dir) else: # set proper ownership/permissions if user: os.chown(ssh_dir, uinfo["uid"], uinfo["gid"]) os.chmod(ssh_dir, 0o700) # write line to known_hosts file try: with salt.utils.files.fopen(full, "ab") as ofile: ofile.writelines(salt.utils.data.encode(lines)) except OSError as exception: raise CommandExecutionError( "Couldn't append to known hosts file: '{}'".format(exception) ) if not salt.utils.platform.is_windows(): if os.geteuid() == 0 and user: os.chown(full, uinfo["uid"], uinfo["gid"]) if origmode: os.chmod(full, origmode) else: os.chmod(full, 0o600) if key and hash_known_hosts: cmd_result = __salt__["ssh.hash_known_hosts"](user=user, config=full) rval = {"status": "updated", "old": stored_host_entries, "new": remote_host_entries} return rval def user_keys(user=None, pubfile=None, prvfile=None): """ Return the user's ssh keys on the minion .. versionadded:: 2014.7.0 CLI Example: .. code-block:: bash salt '*' ssh.user_keys salt '*' ssh.user_keys user=user1 salt '*' ssh.user_keys user=user1 pubfile=/home/user1/.ssh/id_rsa.pub prvfile=/home/user1/.ssh/id_rsa salt '*' ssh.user_keys user=user1 prvfile=False salt '*' ssh.user_keys user="['user1','user2'] pubfile=id_rsa.pub prvfile=id_rsa As you can see you can tell Salt not to read from the user's private (or public) key file by setting the file path to ``False``. This can be useful to prevent Salt from publishing private data via Salt Mine or others. """ if not user: user = __salt__["user.list_users"]() if not isinstance(user, list): # only one so convert to list user = [user] keys = {} for u in user: keys[u] = {} userinfo = __salt__["user.info"](u) if "home" not in userinfo: # no home directory, skip continue userKeys = [] if pubfile: userKeys.append(pubfile) elif pubfile is not False: # Add the default public keys userKeys += ["id_rsa.pub", "id_dsa.pub", "id_ecdsa.pub", "id_ed25519.pub"] if prvfile: userKeys.append(prvfile) elif prvfile is not False: # Add the default private keys userKeys += ["id_rsa", "id_dsa", "id_ecdsa", "id_ed25519"] for key in userKeys: if key.startswith("/"): keyname = os.path.basename(key) fn_ = key else: # if not full path, assume key is in .ssh # in user's home directory keyname = key fn_ = "{}/.ssh/{}".format(userinfo["home"], key) if os.path.exists(fn_): try: with salt.utils.files.fopen(fn_, "r") as _fh: keys[u][keyname] = "".join( salt.utils.data.decode(_fh.readlines()) ).strip() except OSError: pass # clean up any empty items _keys = {} for key in keys: if keys[key]: _keys[key] = keys[key] return _keys @salt.utils.decorators.path.which("ssh-keygen") def hash_known_hosts(user=None, config=None): """ Hash all the hostnames in the known hosts file. .. versionadded:: 2014.7.0 user hash known hosts of this user config path to known hosts file: can be absolute or relative to user's home directory CLI Example: .. code-block:: bash salt '*' ssh.hash_known_hosts """ full = _get_known_hosts_file(config=config, user=user) if isinstance(full, dict): return full # full contains error information if not os.path.isfile(full): return { "status": "error", "error": "Known hosts file {} does not exist".format(full), } origmode = os.stat(full).st_mode cmd = ["ssh-keygen", "-H", "-f", full] cmd_result = __salt__["cmd.run"](cmd, python_shell=False) os.chmod(full, origmode) if not salt.utils.platform.is_windows(): # ssh-keygen creates a new file, thus a chown is required. if os.geteuid() == 0 and user: uinfo = __salt__["user.info"](user) os.chown(full, uinfo["uid"], uinfo["gid"]) return {"status": "updated", "comment": cmd_result} def _hostname_and_port_to_ssh_hostname(hostname, port=DEFAULT_SSH_PORT): if not port or port == DEFAULT_SSH_PORT: return hostname else: return "[{}]:{}".format(hostname, port) def key_is_encrypted(key): """ .. versionadded:: 2015.8.7 Function to determine whether or not a private key is encrypted with a passphrase. Checks key for a ``Proc-Type`` header with ``ENCRYPTED`` in the value. If found, returns ``True``, otherwise returns ``False``. CLI Example: .. code-block:: bash salt '*' ssh.key_is_encrypted /root/id_rsa """ return __utils__["ssh.key_is_encrypted"](key)
Save