laking
2011-04-03 08c588789bb4663f38cbe53e2055b530d2029b60
Implemented passwordless ssh-rsa authentication support.
11 files modified
193 ■■■■■ changed files
interface/web/client/client_edit.php 15
interface/web/sites/form/shell_user.tform.php 9
interface/web/sites/templates/shell_user_edit.htm 4
interface/web/sites/templates/web_domain_ssl.htm 2
interface/web/tools/form/user_settings.tform.php 22
interface/web/tools/lib/lang/de_usersettings.lng 2
interface/web/tools/lib/lang/en_usersettings.lng 2
interface/web/tools/lib/lang/hu_usersettings.lng 2
interface/web/tools/templates/user_settings.htm 8
server/plugins-available/shelluser_base_plugin.inc.php 71
server/plugins-available/shelluser_jailkit_plugin.inc.php 56
interface/web/client/client_edit.php
@@ -149,9 +149,17 @@
        $active = 1;
        $language = $app->db->quote($this->dataRecord["language"]);
        
        //Generate ssh-rsa-keys
        exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
        $privatekey = file_get_contents('/tmp/id_rsa');
        $publickey  = file_get_contents('/tmp/id_rsa.pub');
        exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
        // Create the controlpaneluser for the client
        $sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
        VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
        $sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id,id_rsa,ssh_rsa)
        VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.",'$privatekey','$publickey')";
        $app->db->query($sql);
        
        //* If the user who inserted the client is a reseller (not admin), we will have to add this new client group 
@@ -214,6 +222,7 @@
            $sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id";
            $app->db->query($sql);
        }
        /*
         *  If there is a client-template, process it */
        applyClientTemplates($this->id);
@@ -225,4 +234,4 @@
$page = new page_action;
$page->onLoad();
?>
?>
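Review bot: The key generation added before the sys_user INSERT writes to the fixed path /tmp/id_rsa, so concurrent client creations share one file, ssh-keygen stops to ask about overwriting when a stale file is left behind, and the private key sits under a predictable name in a shared directory. `$username` is concatenated into the command without shell escaping (any earlier database quoting, not visible in this hunk, is not shell escaping), and `$privatekey`/`$publickey` reach the INSERT without `$app->db->quote()`. Generate into a freshly created 0700 directory, pass the comment and path through `escapeshellarg()`, and quote both values before building the SQL. The same block is repeated in `_setup_ssh_rsa()` in shelluser_base_plugin.inc.php and inline in shelluser_jailkit_plugin.inc.php. Keeping the unencrypted private key in sys_user also means read access to that table yields login credentials; accepting only a user-supplied public key would avoid that.

```php
        //Generate ssh-rsa-keys
        $privatekey = '';
        $publickey  = '';
        $keydir = sys_get_temp_dir().'/sshkey_'.uniqid('', true);
        // mkdir() fails if the path already exists, so the directory is ours alone
        if (mkdir($keydir, 0700)) {
            exec('ssh-keygen -t rsa -C '.escapeshellarg($username.'-rsa-key-'.time()).' -f '.escapeshellarg($keydir.'/id_rsa').' -N ""');
            $privatekey = $app->db->quote((string)file_get_contents($keydir.'/id_rsa'));
            $publickey  = $app->db->quote((string)file_get_contents($keydir.'/id_rsa.pub'));
            unlink($keydir.'/id_rsa');
            unlink($keydir.'/id_rsa.pub');
            rmdir($keydir);
        }
        // … unchanged: INSERT INTO sys_user and the query call …
```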
interface/web/sites/form/shell_user.tform.php
@@ -127,6 +127,13 @@
            'default'    => 'y',
            'value'        => array(0 => 'n',1 => 'y')
        ),
        'ssh_rsa' => array (
            'datatype'    => 'VARCHAR',
            'formtype'    => 'TEXT',
            'default'    => '',
            'value'        => '',
            'maxlength'    => '600'
        ),
    ##################################
    # ENDE Datatable fields
    ##################################
@@ -193,4 +200,4 @@
}
?>
?>
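Review bot: The new `ssh_rsa` field is accepted with no validator, yet the server plugins in this commit append its content to the account's authorized_keys through shell commands. Restrict it at the form layer to a single line in public-key format (key type, base64 blob, optional comment) and reject embedded line breaks and quotes, using whatever validator mechanism the other fields of this form use. `'maxlength' => '600'` is also too short for a 4096-bit RSA public key, which would be cut off into an unusable entry.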
interface/web/sites/templates/shell_user_edit.htm
@@ -43,6 +43,10 @@
          <label for="quota_size">{tmpl_var name='quota_size_txt'}</label>
        <input name="quota_size" id="quota_size" value="{tmpl_var name='quota_size'}" size="7" maxlength="7" type="text" class="textInput formLengthLimit" /><p class="formInputUnity">&nbsp;MB</p>
            </div>
    <div class="ctrlHolder">
              <label for="ssh_rsa">ssh_rsa</label>
            <input name="ssh_rsa" id="ssh_rsa" value="" maxlength="600" type="text" class="textInput" />
            </div>
      <div class="ctrlHolder">
                <p class="label">{tmpl_var name='active_txt'}</p>
                    <div class="multiField">
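Review bot: The `ssh_rsa` input is rendered with `value=""`, so the stored key is never shown when a shell user is edited and a save presumably submits an empty value unless the key is pasted again. Bind it like the neighbouring fields, `value="{tmpl_var name='ssh_rsa'}"`, and take the label from a language variable in the style of `quota_size_txt` rather than printing the column name.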
interface/web/sites/templates/web_domain_ssl.htm
@@ -33,7 +33,7 @@
      </div>
      <div class="ctrlHolder">
          <label for="ssl_request">{tmpl_var name='ssl_request_txt'}</label>
        <textarea name="ssl_request" id="ssl_request" rows='10' cols='30'>{tmpl_var name='ssl_request'}</textarea>
        <textarea name="ssl_request" id="ssl_request" readonly rows='10' cols='30'>{tmpl_var name='ssl_request'}</textarea>
      </div>
      <div class="ctrlHolder">
          <label for="ssl_cert">{tmpl_var name='ssl_cert_txt'}</label>
interface/web/tools/form/user_settings.tform.php
@@ -133,6 +133,26 @@
            'maxlength'    => '2',
            'rows'        => '',
            'cols'        => ''
        ),
        'id_rsa' => array (
            'datatype'    => 'VARCHAR',
            'formtype'    => 'TEXT',
            'default'    => '',
            'datasource'    => array (     'type'    => 'SQL',
                                        'querystring' => 'SELECT id_rsa FROM sys_user WHERE {AUTHSQL}',
                                        'valuefield'=> 'id_rsa'
                                     ),
            'value'        => ''
        ),
        'ssh_rsa' => array (
            'datatype'    => 'VARCHAR',
            'formtype'    => 'TEXT',
            'default'    => '',
            'datasource'    => array (     'type'    => 'SQL',
                                        'querystring' => 'SELECT ssh_rsa FROM sys_user WHERE {AUTHSQL}',
                                        'valuefield'=> 'ssh_rsa'
                                     ),
            'value'        => ''
        )
    ##################################
    # ENDE Datenbankfelder
@@ -141,4 +161,4 @@
);
?>
?>
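Review bot: Declaring `id_rsa` as an ordinary `TEXT` form field puts the private key into every rendering of the settings page and, unless the form layer treats the field specially, into the set of columns a submitted form can write back. The `readonly` attribute added in user_settings.htm is only a browser hint and does not stop a crafted request. If a panel-generated key is really required, leave `id_rsa` out of the writable form definition and hand it out once at generation time instead of displaying it on each visit. The `ssh_rsa` field here has no validator either, the same gap as in shell_user.tform.php.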
interface/web/tools/lib/lang/de_usersettings.lng
@@ -3,6 +3,6 @@
$wb['language_txt'] = 'Sprache';
$wb['password_mismatch'] = 'Die Passwörter stimmen nicht überein.';
$wb['password_strength_txt'] = 'Passwortkomplexität';
$wb['Form to edit the user password and language.'] = 'Formular, um das Benutzerpasswort und die Sprache zu bearbeiten.';
$wb['Form to edit the user password and language.'] = 'Formular, um das Benutzerpasswort, die Sprache und die authentication zu bearbeiten.';
$wb['Settings'] = 'Einstellungen';
?>
interface/web/tools/lib/lang/en_usersettings.lng
@@ -3,6 +3,6 @@
$wb["password_strength_txt"] = 'Password strength';
$wb["language_txt"] = 'Language';
$wb["password_mismatch"] = 'The password in the second password field does not match the first password.';
$wb["Form to edit the user password and language."] = 'Form to edit the user password and language.';
$wb["Form to edit the user password and language."] = 'Form to edit the user password, language, and authentication.';
$wb["Settings"] = 'Settings';
?>
interface/web/tools/lib/lang/hu_usersettings.lng
@@ -2,7 +2,7 @@
$wb['passwort_txt'] = 'Jelszó';
$wb['language_txt'] = 'Nyelv';
$wb['password_mismatch'] = 'Jelszavak nem egyeznek meg.';
$wb['Form to edit the user password and language.'] = 'Jelszó és nyelv beállító oldal.';
$wb['Form to edit the user password and language.'] = 'Jelszó, nyelv és hitelesítés beállító oldal.';
$wb['Settings'] = 'Beállítások';
$wb['password_strength_txt'] = 'Jelszó erősség';
?>
interface/web/tools/templates/user_settings.htm
@@ -24,6 +24,14 @@
                    {tmpl_var name='language'}
                </select>
      </div>
     <div class="ctrlHolder">
          <label for="id_rsa">id_rsa</label>
        <textarea name="id_rsa" id="id_rsa" readonly rows='10' cols='30'>{tmpl_var name='id_rsa'}</textarea>
      </div>
      <div class="ctrlHolder">
          <label for="ssh_rsa">ssh_rsa</label>
        <input name="ssh_rsa" id="ssh_rsa" value="{tmpl_var name='ssh_rsa'}" size="30" maxlength="600" type="text" class="textInput" />
      </div>
    <input type="hidden" name="id" value="{tmpl_var name='id'}">
server/plugins-available/shelluser_base_plugin.inc.php
@@ -88,6 +88,12 @@
                exec($command);
                $app->log("Executed command: ".$command,LOGLEVEL_DEBUG);
                $app->log("Added shelluser: ".$data['new']['username'],LOGLEVEL_DEBUG);
                // call the ssh-rsa update function
                $app->uses("getconf");
                $this->data = $data;
                $this->app = $app;
                $this->_setup_ssh_rsa();
                
                //* Create .bash_history file
                touch(escapeshellcmd($data['new']['dir']).'/.bash_history');
@@ -134,7 +140,12 @@
                    exec($command);
                    $app->log("Executed command: $command ",LOGLEVEL_DEBUG);
                    $app->log("Updated shelluser: ".$data['old']['username'],LOGLEVEL_DEBUG);
                    // call the ssh-rsa update function
                    $app->uses("getconf");
                    $this->data = $data;
                    $this->app = $app;
                    $this->_setup_ssh_rsa();
                    
                    //* Create .bash_history file
                    if(!is_file($data['new']['dir']).'/.bash_history') {
@@ -183,7 +194,63 @@
        
    }
    
    function _setup_ssh_rsa() {
            // ssh-rsa authentication variables
            $sshrsa = escapeshellcmd($this->data['new']['ssh_rsa']);
            $usrdir = escapeshellcmd($this->data['new']['dir']);
            $sshdir = escapeshellcmd($this->data['new']['dir']).'/.ssh';
            $sshkeys= escapeshellcmd($this->data['new']['dir']).'/.ssh/authorized_keys';
            global $app;
            // determine the client id
            $id = $this->data['new']['sys_groupid'];
            if ($id>0) $id = $id -1;
            $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id  = ".$id);
            $userkey = $user['ssh_rsa'];
            $username= $user['username'];
            // If this user has no key yet, generate a pair
            if ($userkey == '')
            {
                //Generate ssh-rsa-keys
                exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
                $privatekey = file_get_contents('/tmp/id_rsa');
                $publickey  = file_get_contents('/tmp/id_rsa.pub');
                exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
                // Set the missing keypair
                $app->db->query("UPDATE sys_user SET id_rsa='$privatekey' ,ssh_rsa='$publickey' WHERE client_id = ".$id);
                $userkey = $publickey;
                $this->app->log("ssh-rsa keypair generated for ".$username,LOGLEVEL_DEBUG);
            };
            if (!file_exists($sshkeys))
            {
                // add root's key
                exec("mkdir '$sshdir'");
                exec("cat /root/.ssh/authorized_keys > '$sshkeys'");
                exec("echo '' >> '$sshkeys'");
                // add the user's key
                exec("echo '$userkey' >> '$sshkeys'");
                exec("echo '' >> '$sshkeys'");
            }
            // add the custom key
            exec("echo '$sshrsa' >> '$sshkeys'");
            exec("echo '' >> '$sshkeys'");
            // set proper file permissions
            exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir);
            exec("chmod 600 '$sshkeys'");
            $this->app->log("ssh-rsa key added to ".$sshkeys,LOGLEVEL_DEBUG);
    }
    
} // end class
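Review bot: `_setup_ssh_rsa()` builds its shell commands by placing `escapeshellcmd()` output inside single quotes, but that function is meant for whole command strings and leaves paired quotes untouched, so the submitted `ssh_rsa` value and the directory name are not reliably confined to one argument. None of these steps needs a shell: `mkdir()`, `file_put_contents()` with `FILE_APPEND`, `chmod()` and `chown()` do the same work with no quoting at all. The function also appends the custom key on every insert and update, so the file collects duplicates and a key removed in the panel stays authorized. Because the target directory belongs to the shell user and the plugin presumably runs with elevated privileges (it calls chown), it should refuse to write when `.ssh` or `authorized_keys` is a symlink. Copying root's authorized_keys into every account widens access beyond what the user configured and deserves at least a comment stating that it is intended.

```php
    function _setup_ssh_rsa() {
            // … unchanged: client lookup and keypair generation …
            $sshdir    = $this->data['new']['dir'].'/.ssh';
            $sshkeys   = $sshdir.'/authorized_keys';
            // one key per line: strip line breaks from the submitted value
            $customkey = trim(str_replace(array("\r", "\n"), '', $this->data['new']['ssh_rsa']));
            if (is_link($sshdir) || is_link($sshkeys)) {
                $this->app->log("Refusing to write ssh keys through a symlink: ".$sshkeys,LOGLEVEL_DEBUG);
                return;
            }
            if (!file_exists($sshkeys))
            {
                if (!is_dir($sshdir)) mkdir($sshdir, 0700);
                // seed the file as before: root's keys, then the client's key
                file_put_contents($sshkeys, file_get_contents('/root/.ssh/authorized_keys')."\n".trim($userkey)."\n");
            }
            if ($customkey != '') file_put_contents($sshkeys, $customkey."\n", FILE_APPEND | LOCK_EX);
            chmod($sshkeys, 0600);
            // … unchanged: chown of the home directory, log entry …
```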
server/plugins-available/shelluser_jailkit_plugin.inc.php
@@ -272,6 +272,62 @@
            chgrp(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), $this->data['new']['pgroup']);
                
            $this->app->log("Added created jailkit parent user home in : ".$this->data['new']['dir'].$jailkit_chroot_puserhome,LOGLEVEL_DEBUG);
            // ssh-rsa authentication variables
            $sshrsa = escapeshellcmd($this->data['new']['ssh_rsa']);
            $usrdir = escapeshellcmd($this->data['new']['dir']).'/'.$jailkit_chroot_userhome;
            $sshdir = escapeshellcmd($this->data['new']['dir']).'/'.$jailkit_chroot_userhome.'/.ssh';
            $sshkeys= escapeshellcmd($this->data['new']['dir']).'/'.$jailkit_chroot_userhome.'/.ssh/authorized_keys';
            global $app;
            // determine the client id
            $id = $this->data['new']['sys_groupid'];
            if ($id>0) $id = $id -1;
            $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id  = ".$id);
            $userkey = $user['ssh_rsa'];
            $username= $user['username'];
            // If this user has no key yet, generate a pair
            if ($userkey == '')
            {
                //Generate ssh-rsa-keys
                exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
                $privatekey = file_get_contents('/tmp/id_rsa');
                $publickey  = file_get_contents('/tmp/id_rsa.pub');
                exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
                // Set the missing keypair
                $app->db->query("UPDATE sys_user SET id_rsa='$privatekey' ,ssh_rsa='$publickey' WHERE client_id = ".$id);
                $userkey = $publickey;
                $this->app->log("ssh-rsa keypair generated for ".$username,LOGLEVEL_DEBUG);
            };
            if (!file_exists($sshkeys))
            {
                // add root's key
                exec("mkdir '$sshdir'");
                exec("cat /root/.ssh/authorized_keys > '$sshkeys'");
                exec("echo '' >> '$sshkeys'");
                // add the user's key
                exec("echo '$userkey' >> '$sshkeys'");
                exec("echo '' >> '$sshkeys'");
            }
            // add the custom key
            exec("echo '$sshrsa' >> '$sshkeys'");
            exec("echo '' >> '$sshkeys'");
            // set proper file permissions
            exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir);
            exec("chmod 600 '$sshkeys'");
            $this->app->log("ssh-rsa key added to ".$sshkeys,LOGLEVEL_DEBUG);
    }
    
    //* Update the website root directory permissions depending on the security level
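Review bot: The client is located with `$id = sys_groupid - 1`, which assumes group ids and client ids always differ by exactly one; if that ever does not hold, another client's public key is written into this shell user's authorized_keys (the same arithmetic is in `_setup_ssh_rsa()` of the base plugin). Resolve the client through the stored group-to-client relation instead, and cast before interpolating, e.g. `"SELECT * FROM sys_user WHERE client_id = ".intval($id)`. This block is otherwise a copy of `_setup_ssh_rsa()` differing only in the home path, so it inherits the same quoting and fixed /tmp path problems; a shared helper taking the home directory as a parameter would keep the two from drifting apart. The enclosing function starts outside this hunk.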