update-ssh-keys not working to add a secondary or tertiary entry in authorized_keys for user
Description
Flatcar overwrites the authorized_keys file on reboot, so 'update-ssh-keys' is required to update the existing authorized_keys file.
update-ssh-keys program runs forever without any output to console when running the command:
update-ssh-keys -u joeadmin -a 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZ7E5LpKNYXpfrG39mK+Qwoks+fGmidJBcPdfaZvMFZ [email protected]'
Impact
Unable to add additional ssh keys to a user account’s authorized_keys file that is persistent after the VM is provisioned. Without SSH keys for this admin account, would have to share a password.
Environment and steps to reproduce
- New Flatcar Stable (Flatcar Container Linux by Kinvolk 3975.2.1 (Oklo))
- Azure VM Image: kinvolk:flatcar-container-linux:stable-gen2:latest
- ignition file containing a user with a ssh key
- Log into the Flatcar VM.
- sudo -i
- update-ssh-keys -u joeadmin -a 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZ7E5LpKNYXpfrG39mK+Qwoks+fGmidJBcPdfaZvMFZ [email protected]'
Expected behavior
update-ssh-keys should not run forever. Return an error and implement a timeout.
Additional Information
Really be great to add a few examples in the help file - update-ssh-keys -h
You're not quite using it right. You're supposed to give an identifier with the -a argument, which it uses to write the key under ~/.ssh/authorized_keys.d/<NAME>. You can delete the key using this identifier later. The key itself can either be given as a subsequent file path or via stdin like this:
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZ7E5LpKNYXpfrG39mK+Qwoks+fGmidJBcPdfaZvMFZ [email protected]' > mykey
update-ssh-keys -u joeadmin -a joe.smoe ./mykey
update-ssh-keys -u joeadmin -a joe.smoe <<< 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZ7E5LpKNYXpfrG39mK+Qwoks+fGmidJBcPdfaZvMFZ [email protected]'
I must admit that being unfamiliar with the tool myself, I also found this extremely confusing. I think the approach is fine, but it does need to be documented better.
Better docs and a small bug fix will be in the next Alpha release.