
Setting user SSH keys fails when authorized_keys file is a symlink

Open taliaferro opened this issue 1 year ago • 1 comments

Describe the bug

Tasks like server.user and server.user_authorized_keys check to make sure the user's ~/.ssh/authorized_keys file is indeed a regular file, and fail if it isn't. However, the assumption that authorized_keys is a regular file doesn't necessarily hold everywhere.

On Proxmox, /root/.ssh/authorized_keys is a symlink to /etc/pve/priv/authorized_keys because /etc/pve is a filesystem that's synchronized across all nodes in a Proxmox cluster. In this scenario this operation will fail.

To Reproduce

Make a file somewhere else and link .ssh/authorized_keys to it. Use the "user_authorized_keys" task to try to set that user's authorized SSH keys.

touch ~/.ssh/authorized_keys
mv ~/.ssh/authorized_keys ~/.ssh/real_authorized_keys
ln -s ~/.ssh/real_authorized_keys ~/.ssh/authorized_keys
pyinfra @local server.user_authorized_keys public_keys=~/.ssh/id_rsa.pub user=$USER

Expected behavior

If ~/.ssh/authorized_keys is a symlink, Pyinfra should instead check to see if the link target is a regular file, then proceed as normal.

Meta

  • Include output of pyinfra --support.
    System: Linux
      Platform: Linux-6.9.6-arch1-1-x86_64-with-glibc2.39
      Release: 6.9.6-arch1-1
      Machine: x86_64
    pyinfra: v3.0b1
    Executable: /home/taliaferro/.local/share/virtualenvs/infra-gRqFrJWx/bin/pyinfra
    Python: 3.12.3 (CPython, GCC 13.2.1 20240417)
  • How was pyinfra installed (source/pip)? Pip

taliaferro avatar Jun 30 '24 17:06 taliaferro

Setting authorized_key_filename/authorized_key_directory to the values of the actual file fixes the issue for me (at least for server.user_authorized_keys()).

Unfortunately server.user() does not support those two keyword arguments.


> If ~/.ssh/authorized_keys is a symlink, Pyinfra should instead check to see if the link target is a regular file, then proceed as normal.

Of course this would be nicer for end users :slightly_smiling_face:

simonhammes avatar Nov 02 '24 09:11 simonhammes