Bug #3931: ssh contextualisation should *not* overwrite authorized_keys file - OpenNebula - OpenNebula Development pages

Bug #3931

ssh contextualisation should not overwrite authorized_keys file

Added by Nico Schottelius almost 6 years ago. Updated almost 6 years ago.

Status:

Closed

Start date:

08/11/2015

Priority:

Normal

Due date:

Assignee:

Javi Fontan

% Done:

Category:

Context

Target version:

Release 4.14

Resolution:

fixed

Pull request:

Affected Versions:

OpenNebula 4.12

Description

The problem with overwriting on (re-)boot is that every manual change is overwritten. This causes problems, because users are usually not aware of what opennebula is "doing to their VM".

I suggest to change it to append, if the key is not present. It can be a very simple script like if ! grep "$key" ~root/.ssh/authorized_keys; then echo $key >> ... ; fi

If the contextualisation packages are somewhere available in a version control repo, I can also create a pull request

History

#1 Updated by Daniel Dehennin almost 6 years ago

The context repository is an addon on GitHub.

#2 Updated by Ruben S. Montero almost 6 years ago

Category set to Context
Target version set to Release 4.14

#3 Updated by Ruben S. Montero almost 6 years ago

Assignee set to Javi Fontan

#4 Updated by Javi Fontan almost 6 years ago

I would do that per line as SSH_PUBLIC_KEY can contain more than one key. The code for the script that generates authorized_keys is at:

https://github.com/OpenNebula/addon-context-linux/blob/master/base/etc/one-context.d/02-ssh_public_key

The file is emptied so it does not grow indefinitely in each boot.

#5 Updated by Nico Schottelius almost 6 years ago

I think an easy solution is to use a while loop:

while read key; do
    if grep -v -q -e "$key" /root/.ssh/authorized_keys; then
        echo $key >> /root/.ssh/authorized_keys
    fi
done < "$SSH_PUBLIC_KEY"