| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051 |
- """
- SSH keys management utilities.
- """
- import subprocess
- from sqlalchemy import select
- from app.core.database import async_session_maker
- from app.models.device import Device
- async def sync_authorized_keys():
- """
- Sync all device SSH keys to /home/tunnel/.ssh/authorized_keys
- This should be called:
- - After device registration (to add new key)
- - After device deletion (to remove key)
- """
- try:
- async with async_session_maker() as session:
- result = await session.execute(select(Device))
- devices = result.scalars().all()
- keys = []
- for device in devices:
- if device.config and 'ssh_public_key' in device.config:
- ssh_key = device.config['ssh_public_key'].strip()
- if ssh_key:
- keys.append(f"{ssh_key} # {device.mac_address}")
- authorized_keys_content = "\n".join(keys) + "\n" if keys else ""
- # Write using sudo
- subprocess.run(
- ["sudo", "tee", "/home/tunnel/.ssh/authorized_keys"],
- input=authorized_keys_content.encode(),
- stdout=subprocess.DEVNULL,
- check=True
- )
- subprocess.run(
- ["sudo", "chmod", "600", "/home/tunnel/.ssh/authorized_keys"],
- check=True
- )
- subprocess.run(
- ["sudo", "chown", "tunnel:tunnel", "/home/tunnel/.ssh/authorized_keys"],
- check=True
- )
- print(f"[SSH] Synced {len(keys)} keys to authorized_keys")
- except Exception as e:
- print(f"[SSH] Failed to sync authorized_keys: {e}")
|
