Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Alpha: ignition v3 should write SSH pub keys to authorized_keys.d #699

Closed
pothos opened this issue Mar 31, 2022 · 0 comments · Fixed by flatcar/init#66
Closed

Alpha: ignition v3 should write SSH pub keys to authorized_keys.d #699

pothos opened this issue Mar 31, 2022 · 0 comments · Fixed by flatcar/init#66
Assignees
@pothos
Labels
component/ignition kind/bug Something isn't working

Comments

@pothos
Copy link
Member

pothos commented Mar 31, 2022

Description

When updating to the new Ignition version the ebuild file set distro.writeAuthorizedKeysFragment=false to write the SSH pub keys to .ssh/authorized_keys directly instead of .ssh/authorized_keys.d/flatcar-ignition as before.

Impact

The keys will get lost when update-ssh-keys rewrites the .ssh/authorized_keys file

Environment and steps to reproduce

Didn't try to reproduce it, was just reading the code

Expected behavior

Ignition used to have similar code to what update-ssh-keys does in internal/authorized_keys_d/authorized_keys_d.go but now that code is gone because Fedora CoreOS uses the internal mechanism of SSH to read from this directory but that mechanism is not used in Flatcar. Therefore, just enabling writeAuthorizedKeysFragment is not enough either, because in addition we have to call update-ssh-keys after Ignition wrote the files to authorized_keys.d/ignition.

Additional information

discovered when reading https://github.com/flatcar-linux/coreos-overlay/pull/1784/files
@pothos pothos added the kind/bug Something isn't working label Mar 31, 2022
@pothos pothos mentioned this issue Mar 31, 2022
Closed
2 tasks
pothos added a commit to flatcar/init that referenced this issue Apr 1, 2022
@pothos
systemd/system: run update-ssh-keys once after Ignition
aac449d 
The new Ignition version dropped support for creating the
authorized_keys file alongside the authorized_keys.d entry and can only
write one of them.
Call update-ssh-keys once after Ignition ran, for each user that has
the authorized_keys.d folder.

Fixes flatcar/Flatcar#699
@pothos pothos mentioned this issue Apr 1, 2022
Merged
1 task
@pothos pothos self-assigned this Apr 1, 2022
pothos added a commit to flatcar/init that referenced this issue Apr 4, 2022
@pothos
systemd/system: run update-ssh-keys once after Ignition
901282d 
The new Ignition version dropped support for creating the
authorized_keys file alongside the authorized_keys.d entry and can only
write one of them.
Call update-ssh-keys once after Ignition ran, for each user that has
the authorized_keys.d folder.

Fixes flatcar/Flatcar#699
pothos added a commit to flatcar/init that referenced this issue Apr 4, 2022
@pothos
systemd/system: run update-ssh-keys once after Ignition
3464a3e 
The new Ignition version dropped support for creating the
authorized_keys file alongside the authorized_keys.d entry and can only
write one of them.
Call update-ssh-keys once after Ignition ran, for each user that has
the authorized_keys.d folder.

Fixes flatcar/Flatcar#699
pothos added a commit to flatcar/init that referenced this issue Apr 4, 2022
@pothos
systemd/system: run update-ssh-keys once after Ignition
1c54411 
The new Ignition version dropped support for creating the
authorized_keys file alongside the authorized_keys.d entry and can only
write one of them.
Call update-ssh-keys once after Ignition ran, for each user that has
the authorized_keys.d folder.

Fixes flatcar/Flatcar#699
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pothos pothos

Labels
component/ignition kind/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

systemd/system: run update-ssh-keys once after Ignition flatcar/init
2 participants
@pothos @tormath1