Fix SSH key: read PEM content from settings + ssh_key_default_user

Pierre & Lumière 2026-04-14 12:56:09 +02:00
parent 8dba0706b0
commit da1042fef4


@ -18,15 +18,20 @@ DNS_SUFFIXES = ["", ".mpcz.fr", ".sanef.groupe", ".sanef-rec.fr", ".sanef.fr"]
def _get_ssh_settings(): def _get_ssh_settings():
"""Lit les settings SSH depuis app_secrets dans la DB.""" """Lit les settings SSH depuis app_secrets dans la DB.
Retourne (key_material, user). key_material peut etre un chemin (legacy)
ou le contenu PEM (nouveau)."""
try: try:
from .secrets_service import get_secret from .secrets_service import get_secret
from ..database import SessionLocal from ..database import SessionLocal
db = SessionLocal() db = SessionLocal()
key_path = get_secret(db, "ssh_key_file") or SSH_KEY_DEFAULT # Nouveau: contenu PEM direct
user = get_secret(db, "ssh_user") or SSH_USER_DEFAULT key_material = get_secret(db, "ssh_key_private_key")
if not key_material:
key_material = get_secret(db, "ssh_key_file") or SSH_KEY_DEFAULT
user = get_secret(db, "ssh_key_default_user") or get_secret(db, "ssh_user") or SSH_USER_DEFAULT
db.close() db.close()
return key_path, user return key_material, user
except Exception: except Exception:
return SSH_KEY_DEFAULT, SSH_USER_DEFAULT return SSH_KEY_DEFAULT, SSH_USER_DEFAULT
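Review bot: The `except Exception:` at the end of `_get_ssh_settings` now also swallows failures of the new `ssh_key_private_key` and `ssh_key_default_user` lookups, so a broken secrets store silently falls back to `SSH_KEY_DEFAULT` / `SSH_USER_DEFAULT`, and the session opened by `SessionLocal()` is never closed on that path. Moving `db.close()` into a `finally:` (guarded for the case where `SessionLocal()` itself raised) and recording the exception type before falling back would make such a misconfiguration visible. Because the first return value can now be the private key itself rather than a path, the docstring should also say so explicitly, for example `key_material may hold the private key itself; never log it or put it in an error message`.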
@ -78,11 +83,26 @@ def _connect(target):
ssh_key, ssh_user = _get_ssh_settings() ssh_key, ssh_user = _get_ssh_settings()
# 1. Essai clé SSH depuis settings # 1. Essai clé SSH depuis settings (contenu PEM ou chemin legacy)
if os.path.exists(ssh_key): key_sources = []
for loader in [paramiko.Ed25519Key.from_private_key_file, paramiko.RSAKey.from_private_key_file, paramiko.ECDSAKey.from_private_key_file]: if ssh_key and "BEGIN" in ssh_key and "PRIVATE KEY" in ssh_key:
from io import StringIO
key_sources = [("content", ssh_key)]
elif ssh_key and os.path.exists(ssh_key):
key_sources = [("file", ssh_key)]
for src_type, src in key_sources:
for loader_file, loader_str in [
(paramiko.Ed25519Key.from_private_key_file, paramiko.Ed25519Key.from_private_key),
(paramiko.RSAKey.from_private_key_file, paramiko.RSAKey.from_private_key),
(paramiko.ECDSAKey.from_private_key_file, paramiko.ECDSAKey.from_private_key),
]:
try: try:
key = loader(ssh_key) from io import StringIO
if src_type == "file":
key = loader_file(src)
else:
key = loader_str(StringIO(src))
client = paramiko.SSHClient() client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(target, port=22, username=ssh_user, pkey=key, client.connect(target, port=22, username=ssh_user, pkey=key,