Fix bad filesystem permissions of the RSA key

b91b1c23 · Victor Nikulshin · 9e2dac93 · b91b1c23 · b91b1c23
Commit b91b1c23 authored Nov 30, 2016 by Victor Nikulshin
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 2 deletions

docker.py docker.py +1 -1

helpers.py helpers.py +13 -1

No files found.
--- a/docker.py
+++ b/docker.py
@@ -119,7 +119,7 @@ def connect():
    """
    with lcd(env.workspace):
        if docker_isrunning('{}_container'.format(env.project_name)):
-            local('ssh drupalizer@{} -i {}'.format(env.container_ip, h.fab_path('docker/ssh/id_rsa')))
+            local('ssh drupalizer@{} -i {}'.format(env.container_ip, h.fab_ssh_key()))
        else:
            print(red('Docker container {}_container is not running, it should be running to be able to connect.'))


--- a/helpers.py
+++ b/helpers.py
@@ -70,7 +70,7 @@ def fab_run(role="local", cmd=""):
    if role == "local":
        return local(cmd)
    else:
-        with settings(key_filename=fab_path("docker/ssh/id_rsa")):
+        with settings(key_filename=fab_ssh_key()):
            return run(cmd)


@@ -212,3 +212,15 @@ def fab_path(filename):
    """
    path = os.path.dirname(os.path.abspath(__file__))
    return os.path.abspath('{0}/{1}'.format(path, filename))
+
+def fab_ssh_key():
+    """
+    Returns the full path to default RSA key for SSH connections.
+
+    This helper checks and (if necessary) fixes filesystem permissions on the
+    RSA key file to make sure that SSH does not ignore keys accessible by other
+    users.
+    """
+    path = fab_path('docker/ssh/id_rsa')
+    local('chmod 600 {}'.format(path))
+    return path