bignay2000
commented
1 month ago Open bignay2000 opened 1 month ago
bignay2000
commented
1 month ago 
chewi
commented
1 month ago You're not quite using it right. You're supposed to give an identifier with the -a argument, which it uses to write the key under ~/.ssh/authorized_keys.d/<NAME>. You can delete the key using this identifier later. The key itself can either be given as a subsequent file path or via stdin like this:
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZ7E5LpKNYXpfrG39mK+Qwoks+fGmidJBcPdfaZvMFZ joe.smoe@smoe.com' > mykey
update-ssh-keys -u joeadmin -a joe.smoe ./mykey
update-ssh-keys -u joeadmin -a joe.smoe <<< 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZ7E5LpKNYXpfrG39mK+Qwoks+fGmidJBcPdfaZvMFZ joe.smoe@smoe.com'I must admit that being unfamiliar with the tool myself, I also found this extremely confusing. I think the approach is fine, but it does need to be documented better.
Description
Flatcar overwrites the authorized_keys file on reboot, so ’update-ssh-keys’ is required to update the exisiting authorized_keys file.
update-ssh-keys program runs forever without any output to console when running the command:
update-ssh-keys -u joeadmin -a 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZ7E5LpKNYXpfrG39mK+Qwoks+fGmidJBcPdfaZvMFZ joe.smoe@smoe.com'Impact
Unable to add additional ssh keys to a user account’s authorized_keys file that is persistent after the VM is provisioned. Without SSH keys for this admin account, would have to share a password.
Environment and steps to reproduce
Expected behavior
update-ssh-keys should not run forever. Return an error and implement a timeout.
Additional Information
Really be great to add a few examples in the help file -
update-ssh-keys -h