diff options
| -rw-r--r-- | sos/report/plugins/ssh.py | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/sos/report/plugins/ssh.py b/sos/report/plugins/ssh.py index f36bdca2..971cda8b 100644 --- a/sos/report/plugins/ssh.py +++ b/sos/report/plugins/ssh.py @@ -9,6 +9,7 @@ # See the LICENSE file in the source distribution for further information. from sos.report.plugins import Plugin, IndependentPlugin +import os.path class Ssh(Plugin, IndependentPlugin): @@ -33,6 +34,10 @@ class Ssh(Plugin, IndependentPlugin): # Include main config files self.add_copy_spec(sshcfgs) + self.included_configs(sshcfgs) + self.user_ssh_files_permissions() + + def included_configs(self, sshcfgs): # Read configs for any includes and copy those try: for sshcfg in sshcfgs: @@ -49,5 +54,33 @@ class Ssh(Plugin, IndependentPlugin): except Exception: pass + def user_ssh_files_permissions(self): + """ + Iterate over .ssh folders in user homes to see their permissions. + + Bad permissions can prevent SSH from allowing access to given user. + """ + users_data = self.exec_cmd('getent passwd') + + if users_data['status']: + # If getent fails, fallback to just reading /etc/passwd + try: + with open('/etc/passwd') as passwd_file: + users_data_lines = passwd_file.readlines() + except Exception: + # If we can't read /etc/passwd, then there's something wrong. + self._log_error("Couldn't read /etc/passwd") + return + else: + users_data_lines = users_data['output'].splitlines() + + # Read the home paths of users in the system and check the ~/.ssh dirs + for usr_line in users_data_lines: + try: + home_dir = os.path.join(usr_line.split(':')[5], '.ssh') + if self.path_isdir(home_dir): + self.add_cmd_output('ls -laZ {}'.format(home_dir)) + except IndexError: + pass # vim: set et ts=4 sw=4 : |