Prevent users from locking themselves out accidentally

[ltalirz]

In what area(s)?

/area user-management

Describe the feature

I've had two cases over the last couple of months where a user created a new SSH key, overwriting their id_rsa. This locks them out of their cluster shell access and SSH access.

It would be great if users had a way of fixing this themselves without admin intervention.

Technically, I guess they could fix this situation via the file manager on the web portal but this is non-trivial since they would need to download the new public key, the authorized_keys file, edit the file, and then upload the modified file.

This is not super high priority but I wanted to record that this is something that happens

Possible solutions

I wonder whether, at least for the web terminal, one could add a "startup hook" that checks whether the ~/.ssh/id_rsa.pub key is present in the authorized_keys and adds it if that is not the case?

Or perhaps there could be some "repair key" / "inject key" action that a user can initiate from the ondemand web portal in order to restore access.