update-ssh-keys not working to add a secondary or tertiary entry in authorized_keys for user #1554

Open
bignay2000 opened this issue Oct 3, 2024 · 2 comments
Labels
kind/bug Something isn't working

bignay2000 commented Oct 3, 2024

Description

Flatcar overwrites the authorized_keys file on reboot, so 'update-ssh-keys' is required to update the existing authorized_keys file.

The update-ssh-keys program runs forever without any output to the console when running the command:

update-ssh-keys -u joeadmin -a 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZ7E5LpKNYXpfrG39mK+Qwoks+fGmidJBcPdfaZvMFZ joe.smoe@smoe.com'

Impact

Unable to add additional SSH keys to a user account's authorized_keys file that is persistent after the VM is provisioned. Without SSH keys for this admin account, we would have to share a password.

Environment and steps to reproduce

  1. New Flatcar Stable (Flatcar Container Linux by Kinvolk 3975.2.1 (Oklo))
  2. Azure VM Image: kinvolk:flatcar-container-linux:stable-gen2:latest
  3. ignition file containing a user with a ssh key
  4. Log into the Flatcar VM.
  5. sudo -i
  6. update-ssh-keys -u joeadmin -a 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZ7E5LpKNYXpfrG39mK+Qwoks+fGmidJBcPdfaZvMFZ joe.smoe@smoe.com'

Expected behavior

update-ssh-keys should not run forever. Return an error and implement a timeout.

Additional Information

It would really be great to add a few examples in the help file - update-ssh-keys -h

bignay2000 commented Oct 3, 2024

chewi commented Oct 4, 2024

You're not quite using it right. You're supposed to give an identifier with the -a argument, which it uses to write the key under ~/.ssh/authorized_keys.d/<NAME>. You can delete the key using this identifier later. The key itself can either be given as a subsequent file path or via stdin like this:

echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZ7E5LpKNYXpfrG39mK+Qwoks+fGmidJBcPdfaZvMFZ joe.smoe@smoe.com' > mykey
update-ssh-keys -u joeadmin -a joe.smoe ./mykey

update-ssh-keys -u joeadmin -a joe.smoe <<< 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZ7E5LpKNYXpfrG39mK+Qwoks+fGmidJBcPdfaZvMFZ joe.smoe@smoe.com'

I must admit that being unfamiliar with the tool myself, I also found this extremely confusing. I think the approach is fine, but it does need to be documented better.
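
An added illustration of the usage described in the comment above (not part of the thread, and not Flatcar's own tooling): a hypothetical wrapper, `safe_add_key`, that checks the `-a NAME [FILE]` shape before invoking `update-ssh-keys`. The function names and return codes are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for "update-ssh-keys -u USER -a NAME [FILE]".
# check_add_args and safe_add_key are hypothetical helpers, not part of Flatcar.

# Returns 0 when the arguments match the NAME [FILE] shape from the thread,
# otherwise prints a message on stderr and returns a distinct non-zero code.
check_add_args() {
    local name="$1" file="${2-}"
    # NAME becomes a file name under ~/.ssh/authorized_keys.d/, so reject
    # empty values, path separators, spaces and anything that looks like a key.
    case "$name" in
        ''|*' '*|*/*|ssh-*|ecdsa-*|sk-*)
            echo "error: -a takes a short identifier, not the key itself" >&2
            return 2 ;;
    esac
    if [ -n "$file" ]; then
        # Key supplied as a file path: it must be readable.
        [ -r "$file" ] || { echo "error: cannot read $file" >&2; return 3; }
    elif [ -t 0 ]; then
        # No file given, so the key is expected on stdin; an interactive
        # terminal supplies nothing until someone types it.
        echo "error: no key file given and stdin is a terminal" >&2
        return 4
    fi
    return 0
}

# Run update-ssh-keys only after the checks pass.
safe_add_key() {
    local user="$1" name="$2" file="${3-}"
    check_add_args "$name" "$file" || return
    if [ -n "$file" ]; then
        update-ssh-keys -u "$user" -a "$name" "$file"
    else
        update-ssh-keys -u "$user" -a "$name"   # key is read from stdin
    fi
}

# Usage (as root):
#   safe_add_key joeadmin joe.smoe ./mykey
#   safe_add_key joeadmin joe.smoe < ./mykey
```
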
