More validations around SSH keys
The SSH key(s) for a user is one of the input fields in the provider Machine configs, to allow connecting to a node via SSH. This field is made mutable during upgrades to allow rotation of keys for security purposes. However, there is no guard around setting the field to empty ("") or if there is a typo in the public key field, which would lead to the user losing access to the nodes because the private key they use for SSH will not match the current public key on the node. Although an upgrade with the proper key would fix this, this puts too much belief on the upgrade not failing.
We should make this more robust by adding more validations around SSH keys during upgrade, such as:
- Checking for empty string input
- Warning user when changing SSH keys to a new value
- Possible `ssh-keygen` checks to validate the public key matches private key (although this would mean the CLI reads the private key)
Do we have a way for no ssh access? Seems like empty string is a good way to disable ssh.
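An added example, not code from the project or from the posts above: the empty-input check and the change warning from the list, plus a structural check of the public key line that rejects malformed key data without reading the private key. The names `parseKey`, `CheckRotation`, `ErrEmptyKey` and `SampleKey` are hypothetical, and the sample keys are constructed filler bytes; an empty key is returned as the distinct `ErrEmptyKey` so the caller can decide whether empty means "reject" or "disable SSH".

```go
package main
import (
	"bytes"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

var ErrEmptyKey = errors.New("SSH public key is empty")
// parseKey checks one "<type> <base64> [comment]" line and returns the key blob.
func parseKey(line string) ([]byte, error) {
	f := strings.Fields(line)
	if len(f) == 0 {
		return nil, ErrEmptyKey
	}
	if len(f) < 2 {
		return nil, errors.New(`want "<type> <base64> [comment]"`)
	}
	blob, err := base64.StdEncoding.DecodeString(f[1])
	if err != nil {
		return nil, fmt.Errorf("key data is not valid base64: %w", err)
	}
	// The blob must open with a 4-byte length and the same algorithm name, then key material.
	want := append([]byte{0, 0, 0, byte(len(f[0]))}, f[0]...)
	if len(f[0]) > 255 || !bytes.HasPrefix(blob, want) || len(blob) == len(want) {
		return nil, fmt.Errorf("key data does not match declared type %q", f[0])
	}
	return blob, nil
}

// CheckRotation validates newKey and reports whether it differs from oldKey (comment ignored).
func CheckRotation(oldKey, newKey string) (changed bool, err error) {
	nb, err := parseKey(newKey)
	if err != nil {
		return false, err
	}
	ob, _ := parseKey(oldKey) // an unparsable old key counts as a change
	return !bytes.Equal(ob, nb), nil
}

// SampleKey builds a constructed ssh-ed25519 line with filler bytes (not a real key).
func SampleKey(fill byte, comment string) string {
	b := append([]byte("\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20"), bytes.Repeat([]byte{fill}, 32)...)
	return "ssh-ed25519 " + base64.StdEncoding.EncodeToString(b) + " " + comment
}

func main() {
	fmt.Println(CheckRotation(SampleKey(1, "old"), SampleKey(2, "new")))
}
```

A single substituted base64 character still decodes to a well-formed blob, so `changed == true` is the point at which to show the new key to the user for confirmation before the upgrade proceeds.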