From 6f1551c732bd0de83f0ecae4d6197fd38d8c3241 Mon Sep 17 00:00:00 2001
From: Pavel Zakharov
Date: Mon, 12 Nov 2018 12:46:56 -0500
Subject: [PATCH] DLPX-61319 Cloud-init fails to add authorized user ssh key
---
 cloudinit/ssh_util.py | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py
index 3f99b58cc..717546df6 100644
--- a/cloudinit/ssh_util.py
+++ b/cloudinit/ssh_util.py
@@ -1,5 +1,6 @@
 # Copyright (C) 2012 Canonical Ltd.
 # Copyright (C) 2012 Hewlett-Packard Development Company, L.P.
+# Copyright (c) 2018 by Delphix. All rights reserved.
 #
 # Author: Scott Moser
 # Author: Juerg Hafliger
@@ -8,6 +9,7 @@
 import os
 import pwd
+import shlex
 from cloudinit import log as logging
 from cloudinit import util
@@ -221,16 +223,32 @@ def extract_authorized_keys(username):
 # The following tokens are defined: %% is replaced by a literal
 # '%', %h is replaced by the home directory of the user being
 # authenticated and %u is replaced by the username of that user.
+ # Note that there may be multiple files defined, separated by
+ # white space. If multiple files are detected, return the first
+ # one.
 ssh_cfg = parse_ssh_config_map(DEF_SSHD_CFG)
- auth_key_fn = ssh_cfg.get("authorizedkeysfile", '').strip()
+ value = ssh_cfg.get("authorizedkeysfile", '').strip()
+ if value:
+ files = shlex.split(value)
+ if len(files) == 1:
+ auth_key_fn = files[0]
+ elif len(files) > 1:
+ auth_key_fn = files[0]
+ LOG.debug("Entry 'AuthorizedKeysFile' in ssh config "
+ "defines multiple files. Using the first one: "
+ "%r.", auth_key_fn)
+ else:
+ LOG.debug("Entry 'AuthorizedKeysFile' in ssh config "
+ "has empty value. Using default file.")
 if not auth_key_fn:
 auth_key_fn = "%h/.ssh/authorized_keys"
+
 auth_key_fn = auth_key_fn.replace("%h", pw_ent.pw_dir)
 auth_key_fn = auth_key_fn.replace("%u", username)
 auth_key_fn = auth_key_fn.replace("%%", '%')
 if not auth_key_fn.startswith('/'):
 auth_key_fn = os.path.join(pw_ent.pw_dir, auth_key_fn)
- except (IOError, OSError):
+ except (IOError, OSError, ValueError):
 # Give up and use a default key filename
 auth_key_fn = os.path.join(ssh_dir, 'authorized_keys')
 util.logexc(LOG, "Failed extracting 'AuthorizedKeysFile' in ssh "
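Review bot: Taking `files[0]` unconditionally also accepts the special value `none`, which sshd_config documents as "skip checking user key files"; since it does not start with `/`, the lines below join it to `pw_ent.pw_dir`, so the path resolves to a file named `none` under the home directory that sshd would not consult. A guard such as `if files[0].lower() == "none":` with a warning-level log would make that case visible rather than silently picking a path. The `len(files) == 1` and `len(files) > 1` branches assign the same value and could be a single `auth_key_fn = files[0]` followed by a conditional log. When `value` is empty nothing in this hunk binds `auth_key_fn` before `if not auth_key_fn:`, so the code presumably relies on an initialisation above the hunk that is not visible here; extract_authorized_keys starts and ends outside the hunk.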