canonical / cloud-init

Official upstream for the cloud-init: cloud instance initialization
https://cloud-init.io/

SSH module docs are confusing #5644

Open holmanb opened 2 months ago

holmanb commented 2 months ago

Docs-specific complaints

See the cc_set_passwords module documentation to enable/disable SSH password authentication.

cc_set_passwords is an internal name; we should just link to this doc

Supported public key types for the ssh_authorized_keys are:

The list that follows is unreasonably long, which hides more valuable content below it. This should be hidden in a drop down or on some other page or at the very least be at the bottom of the section.

rsa, ecdsa and ed25519 are added for legacy, as they are valid public keys in some older distros. They may be removed in the future when support for the older distros is dropped.

This is a confusing statement and requires the context to make any sense, since these are the only types of keys which are valid for host keys. Maybe this information could be encoded in the jsonschema so that we can use the normal deprecation and docs generation to handle this stuff?

General UI complaints

Managing the behavior of ssh keys requires touching 4 different modules (cc_ssh_import_id, cc_ssh, cc_ssh_authkey_fingerprints, cc_keys_to_console), and in total 6 independent modules affect ssh behavior (cc_set_passwords is required to configure ssh password auth, cc_phone_home makes some one-off decisions about which keys are acceptable to distribute). This UI lacks coherence and consistency.

Since ssh key management is one of the fundamental requirements of cloud-init, it may be worthwhile to rethink this UI into something cleaner for a better UX.

dermotbradley commented 2 months ago

@holmanb

I've intended to add support for dropbear and/or tinyssh SSH daemons to cloud-init for some time but one of the potential issues at the back of my mind has always been these ssh settings "all over the place"...

aciba90 commented 1 month ago

General UI complaints

Managing the behavior of ssh keys requires touching 4 different modules (cc_ssh_import_id, cc_ssh, cc_ssh_authkey_fingerprints, cc_keys_to_console), and in total 6 independent modules affect ssh behavior (cc_set_passwords is required to configure ssh password auth, cc_phone_home makes some one-off decisions about which keys are acceptable to distribute). This UI lacks coherence and consistency.

Since ssh key management is one of the fundamental requirements of cloud-init, it may be worthwhile to rethink this UI into something cleaner for a better UX.

IMO, this is an important improvement that should be tackled. But I think it should live in a separate issue, as one unit of work would be improving the docs to better reflect the current state, and the other would be to refactor the current ssh-related keys into something easier to understand for users, right?