You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When updating to the new Ignition version the ebuild file set distro.writeAuthorizedKeysFragment=false to write the SSH pub keys to .ssh/authorized_keys directly instead of .ssh/authorized_keys.d/flatcar-ignition as before.
Impact
The keys will get lost when update-ssh-keys rewrites the .ssh/authorized_keys file
Environment and steps to reproduce
Didn't try to reproduce it, was just reading the code
Expected behavior
Ignition used to have similar code to what update-ssh-keys does in internal/authorized_keys_d/authorized_keys_d.go but now that code is gone because Fedora CoreOS uses the internal mechanism of SSH to read from this directory but that mechanism is not used in Flatcar. Therefore, just enabling writeAuthorizedKeysFragment is not enough either, because in addition we have to call update-ssh-keys after Ignition wrote the files to authorized_keys.d/ignition.
The new Ignition version dropped support for creating the
authorized_keys file alongside the authorized_keys.d entry and can only
write one of them.
Call update-ssh-keys once after Ignition ran, for each user that has
the authorized_keys.d folder.
Fixesflatcar/Flatcar#699
The new Ignition version dropped support for creating the
authorized_keys file alongside the authorized_keys.d entry and can only
write one of them.
Call update-ssh-keys once after Ignition ran, for each user that has
the authorized_keys.d folder.
Fixesflatcar/Flatcar#699
pothos
added a commit
to flatcar/init
that referenced
this issue
Apr 4, 2022
The new Ignition version dropped support for creating the
authorized_keys file alongside the authorized_keys.d entry and can only
write one of them.
Call update-ssh-keys once after Ignition ran, for each user that has
the authorized_keys.d folder.
Fixesflatcar/Flatcar#699
pothos
added a commit
to flatcar/init
that referenced
this issue
Apr 4, 2022
The new Ignition version dropped support for creating the
authorized_keys file alongside the authorized_keys.d entry and can only
write one of them.
Call update-ssh-keys once after Ignition ran, for each user that has
the authorized_keys.d folder.
Fixesflatcar/Flatcar#699
Description
When updating to the new Ignition version the ebuild file set
distro.writeAuthorizedKeysFragment=false
to write the SSH pub keys to.ssh/authorized_keys
directly instead of.ssh/authorized_keys.d/flatcar-ignition
as before.Impact
The keys will get lost when update-ssh-keys rewrites the
.ssh/authorized_keys
fileEnvironment and steps to reproduce
Didn't try to reproduce it, was just reading the code
Expected behavior
Ignition used to have similar code to what
update-ssh-keys
does ininternal/authorized_keys_d/authorized_keys_d.go
but now that code is gone because Fedora CoreOS uses the internal mechanism of SSH to read from this directory but that mechanism is not used in Flatcar. Therefore, just enablingwriteAuthorizedKeysFragment
is not enough either, because in addition we have to callupdate-ssh-keys
after Ignition wrote the files toauthorized_keys.d/ignition
.Additional information
discovered when reading https://github.com/flatcar-linux/coreos-overlay/pull/1784/files
The text was updated successfully, but these errors were encountered: