Improvements for SSH public key management #15

Open
brenns10 opened this issue Aug 25, 2023 · 3 comments
@brenns10
Member

Currently we have the configuration ssh_public_key, which is supposed to be the file path to the user's public key.

The expectation is that this points to the public half of a public/private key pair sitting in ~/.ssh, e.g. ~/.ssh/id_rsa.pub. If the private half of the key pair exists, then Yo will happily include a -i ~/.ssh/id_rsa in SSH commands in order to specify which SSH identity gets used. This is a somewhat nice feature in case a user has SSH configured with strict identities, or if the SSH key lives outside of ~/.ssh, but that's not usually the case. Normally, passing -i IDENTITY is unnecessary.

More importantly, the SSH public key configuration's main duty (outside of this weird "find the private key" implementation detail) is supposed to be that it's provided to OCI when launching an instance. Except OCI can take multiple public keys - it's asking for an authorized_keys file, not necessarily just a single public key. This is a very useful ability, since people may have multiple machines, each with their own key, and they should be able to provision all the public keys if they want.

Right now, you can just stick multiple keys into a file and set ssh_public_key to point to that file. But that's bad because you'll probably break the private key semantics described above. Plus, the name ssh_public_key is wrong: it should be authorized_keys_file.

So I would like to do:

  1. Add an ssh_private_key configuration option which is very optional. It could be used for the -i cases above.
  2. Add an authorized_keys_file configuration option to be used for launching instances.
  3. Deprecate ssh_public_key configuration option. Raise an error if it is present with either of the above options.

brenns10 added the enhancement (New feature or request) label Aug 25, 2023
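
An added sketch of the checks the proposal above implies; it is not code from this issue or from Yo. The function names are hypothetical, the deprecation warning for a lone ssh_public_key is an assumption, and key lines are assumed to carry no leading options field. It rejects mixed old/new options and refuses to pass on a file containing private key material or malformed key lines:

```python
import base64

# Option names come from the issue's proposal; the functions are hypothetical.
NEW_OPTIONS = ("ssh_private_key", "authorized_keys_file")


def check_options(config):
    """Return deprecation warnings; raise if old and new options are mixed."""
    if "ssh_public_key" not in config:
        return []
    clash = [opt for opt in NEW_OPTIONS if opt in config]
    if clash:
        raise ValueError("ssh_public_key cannot be combined with " + ", ".join(clash))
    return ["ssh_public_key is deprecated; use authorized_keys_file"]


def parse_authorized_keys(text):
    """Return [(key_type, comment)]; reject lines that are not public keys."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if "PRIVATE KEY" in line:
            raise ValueError(f"line {lineno}: private key material, refusing to upload")
        fields = line.split(None, 2)
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: expected 'type base64 [comment]'")
        try:
            blob = base64.b64decode(fields[1], validate=True)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: key data is not base64") from exc
        # The blob begins with a 4-byte big-endian length and the key type name.
        n = int.from_bytes(blob[:4], "big")
        if len(blob) < 4 or blob[4:4 + n] != fields[0].encode():
            raise ValueError(f"line {lineno}: blob does not match type {fields[0]}")
        entries.append((fields[0], fields[2] if len(fields) > 2 else ""))
    return entries


def sample_line(key_type, comment):
    """Constructed, non-functional key line (all-zero key bytes) for the demo."""
    name = key_type.encode()
    blob = len(name).to_bytes(4, "big") + name + (32).to_bytes(4, "big") + bytes(32)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


if __name__ == "__main__":
    keys = "# one key per machine\n" + sample_line("ssh-ed25519", "laptop") + "\n" \
        + sample_line("ssh-ed25519", "desktop") + "\n"
    print(parse_authorized_keys(keys))
    print(check_options({"ssh_public_key": "~/.ssh/id_rsa.pub"}))
```
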
@sipasing
Member

sipasing commented Apr 11, 2024

@brenns10 Thanks for laying out the task requirements. I work for the OL virtualization team and use yo pretty much every day. Can I take this task?

@brenns10
Member Author

Yes, feel free! Thank you :)

@sipasing
Member

Great. Can you assign this to me? It will help set up email subscriptions automatically. It also helps track different GitHub projects assigned at once.
