Improved the code that generates the ssh keys for clients and shell users and reorganized it into a central function.

Author: Till Brehm

interface/lib/classes/functions.inc.php

@@ -437,6 +437,23 @@ public function generate_customer_no(){
 
 		return $customer_no;
 	}
+	
+	public function generate_ssh_key($client_id, $username = ''){
+		global $app;
+		
+		// generate the SSH key pair for the client
+		$id_rsa_file = '/tmp/'.uniqid('',true);
+		$id_rsa_pub_file = $id_rsa_file.'.pub';
+		if(file_exists($id_rsa_file)) unset($id_rsa_file);
+		if(file_exists($id_rsa_pub_file)) unset($id_rsa_pub_file);
+		if(!file_exists($id_rsa_file) && !file_exists($id_rsa_pub_file)) {
+			exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f '.$id_rsa_file.' -N ""');
+			$app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents($id_rsa_file), @file_get_contents($id_rsa_pub_file), $client_id);
+			exec('rm -f '.$id_rsa_file.' '.$id_rsa_pub_file);
+		} else {
+			$app->log("Failed to create SSH keypair for ".$username, LOGLEVEL_WARN);
+		}
+	}
 }
 
 ?>

interface/lib/classes/remoting.inc.php

@@ -230,9 +230,8 @@ protected function klientadd($formdef_file, $reseller_id, $params)
 		*/
 
 		/* copied from the client_edit php */
-		exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
-		$app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents('/tmp/id_rsa'), @file_get_contents('/tmp/id_rsa.pub'), $this->id);
-		exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
+		$app->uses('functions');
+		$app->functions->generate_ssh_key($this->id, $username);
 
 
 

interface/web/client/client_edit.php

@@ -260,9 +260,8 @@ function onAfterInsert() {
 
 		// Create the controlpaneluser for the client
 		//Generate ssh-rsa-keys
-		exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
-		$app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents('/tmp/id_rsa'), @file_get_contents('/tmp/id_rsa.pub'), $this->id);
-		exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
+		$app->uses('functions');
+		$app->functions->generate_ssh_key($this->id, $username);
 
 		// Create the controlpaneluser for the client
 		$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)

interface/web/tools/import_vpopmail.php

@@ -133,9 +133,8 @@ function start_import() {
 
 				// Create the controlpaneluser for the client
 				//Generate ssh-rsa-keys
-				exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
-				$app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents('/tmp/id_rsa'), @file_get_contents('/tmp/id_rsa.pub'), $client_id);
-				exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
+				$app->uses('functions');
+				$app->functions->generate_ssh_key($client_id, $username);
 
 				// Create the controlpaneluser for the client
 				$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)

server/lib/classes/functions.inc.php

@@ -415,6 +415,23 @@ public function idn_decode($domain) {
 		}
 		return implode("\n", $domains);
 	}
+	
+	public function generate_ssh_key($client_id, $username = ''){
+		global $app;
+		
+		// generate the SSH key pair for the client
+		$id_rsa_file = '/tmp/'.uniqid('',true);
+		$id_rsa_pub_file = $id_rsa_file.'.pub';
+		if(file_exists($id_rsa_file)) unset($id_rsa_file);
+		if(file_exists($id_rsa_pub_file)) unset($id_rsa_pub_file);
+		if(!file_exists($id_rsa_file) && !file_exists($id_rsa_pub_file)) {
+			exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f '.$id_rsa_file.' -N ""');
+			$app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", $app->system->file_get_contents($id_rsa_file), $app->system->file_get_contents($id_rsa_pub_file), $client_id);
+			exec('rm -f '.$id_rsa_file.' '.$id_rsa_pub_file);
+		} else {
+			$app->log("Failed to create SSH keypair for ".$username, LOGLEVEL_WARN);
+		}
+	}
 
 }
 

server/plugins-available/shelluser_base_plugin.inc.php

@@ -450,16 +450,8 @@ private function _setup_ssh_rsa() {
 		// If this user has no key yet, generate a pair
 		if ($userkey == '' && $id > 0){
 			//Generate ssh-rsa-keys
-			exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
-
-			// use the public key that has been generated
-			$userkey = $app->system->file_get_contents('/tmp/id_rsa.pub');
-
-			// save keypair in client table
-			$this->app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", $app->system->file_get_contents('/tmp/id_rsa'), $userkey, $id);
-
-			$app->system->unlink('/tmp/id_rsa');
-			$app->system->unlink('/tmp/id_rsa.pub');
+			$app->uses('functions');
+			$app->functions->generate_ssh_key($id, $username);
 			$this->app->log("ssh-rsa keypair generated for ".$username, LOGLEVEL_DEBUG);
 		};
 

server/plugins-available/shelluser_jailkit_plugin.inc.php

@@ -468,16 +468,9 @@ private function _setup_ssh_rsa() {
 		// If this user has no key yet, generate a pair
 		if ($userkey == '' && $id > 0){
 			//Generate ssh-rsa-keys
-			exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
-
-			// use the public key that has been generated
-			$userkey = $app->system->file_get_contents('/tmp/id_rsa.pub');
-
-			// save keypair in client table
-			$this->app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ? ssh_rsa = ? WHERE client_id = ?", $app->system->file_get_contents('/tmp/id_rsa'), $userkey, $id);
-
-			$app->system->unlink('/tmp/id_rsa');
-			$app->system->unlink('/tmp/id_rsa.pub');
+			$app->uses('functions');
+			$app->functions->generate_ssh_key($id, $username);
+			
 			$this->app->log("ssh-rsa keypair generated for ".$username, LOGLEVEL_DEBUG);
 		};