Ability to add temporary or permanent keys at image generation and/or first boot time
This PR allows setting of temporary authorized keys (/etc/jaiabot/ssh/tmp_authorized_keys) in either:
- the rootfs at image creation time (by committing them to the repo in rootfs/customization/includes.chroot/etc/jaiabot/ssh/tmp_authorized_keys). This would presumably be used by keys known to Jaia to do fleet creation (e.g., contract manufacturer keys)
- first boot preseed (jaia_do_add_authorized_keys=true and jaia_tmp_authorized_keys={list of keys}). This gives more flexibility for keys not known at image creation time.
These temporary keys are now cleared on the first run of fleet-config.sh. This is intended for a contract manufacturer or other entity without access to the root keys to allow initial bring up of the system to the point where additional keys can be authorized over the service VPN.
Finally, I've also added the ability for first boot (preseed settings jaia_do_add_authorized_keys=true and jaia_perm_authorized_keys={list of keys}) to add permanent keys to /home/jaia/.ssh/authorized_keys (e.g., for the case where a customer wants keys preinstalled, and to support VirtualBox fleets).
Minor Jaia tool improvements
This PR also adds a number of improvements to make jaia admin ssh easier to use (and also existing tools that use the short host code such as jaia ssh).
Add self as host option
In addition to "bNfM" and "hNfM", I added "self" as a valid target host for jaia commands. This is helpful when running jaia directly on the hub (as opposed to an external machine).
For example, to show authorized keys on the current machine:
jaia admin ssh list self
Allow omitting 'fN' when running commands on current fleet.
If you're running the jaia tool on a hub or bot, you can omit the fN part of the host code to refer to the current fleet, e.g., when run on a hub:
jaia ssh b4
will log into bot 4 of the same fleet as the hub.
Updates to "jaia admin ssh add"
I added the ability to set "forever" as the valid_for, which defaults the key to /home/jaia/.ssh/authorized_keys.
This means you add customer keys that are permanent by simply typing
rather than
Add "jaia admin ssh known"
New subtool "jaia admin ssh known" lists the key comments compiled in so you can quickly see what keys are available in the tool.
or
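The description above says the temporary keys are cleared on the first run of fleet-config.sh. The following is an added example, not part of this PR or the jaiabot code base, of a check an operator could run on a bot or hub to confirm that no bring-up key is still authorized. The two default paths come from the PR text; the function names, the sample key and its comment are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the PR: audit that temporary bring-up keys are gone.
# The two default paths come from the PR text; everything else is assumed.
TMP_KEYS=/etc/jaiabot/ssh/tmp_authorized_keys
PERM_KEYS=/home/jaia/.ssh/authorized_keys

# Print active (non-blank, non-comment) entries; a missing file has none.
active_keys() {
    [ -r "$1" ] || return 0
    grep -Ev '^[[:space:]]*(#|$)' "$1" || true
}

# Number of active keys in a file.
count_keys() {
    active_keys "$1" | wc -l | tr -d '[:space:]'
}

# Print each key's trailing comment, or "(no comment)". Entries may start
# with an options field, so locate the key-type token first.
key_comments() {
    active_keys "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/) break
        c = ""
        for (j = i + 2; j <= NF; j++) c = c (c == "" ? "" : " ") $j
        print (c == "" ? "(no comment)" : c)
    }'
}

# Return 0 when the temporary file authorizes nobody, 1 otherwise.
audit_tmp_keys() {
    n=$(count_keys "$1")
    if [ "$n" -eq 0 ]; then
        echo "OK: no temporary keys in $1"
        return 0
    fi
    echo "WARN: $n temporary key(s) still authorized in $1:"
    key_comments "$1" | sed 's/^/  /'
    return 1
}

# Constructed sample: a unit where fleet-config.sh has not yet run.
demo=$(mktemp -d)
printf '%s\n' '# staged for bring-up' \
    'ssh-ed25519 AAAAC3NzaConstructedNotARealKey cm-bringup@example' \
    > "$demo/tmp_authorized_keys"
audit_tmp_keys "$demo/tmp_authorized_keys" || echo "-> temporary keys remain"
# On a real unit: audit_tmp_keys "$TMP_KEYS"; key_comments "$PERM_KEYS"
```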