Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Recue boot, cannot register more than 1 public key #12402

Closed
2 tasks done
131 opened this issue Jul 17, 2024 · 6 comments
Closed
2 tasks done

Recue boot, cannot register more than 1 public key #12402

131 opened this issue Jul 17, 2024 · 6 comments
Assignees
@JayBeeDe
Labels
bug Something isn't working

Comments

@131
Copy link

131 commented Jul 17, 2024

Have you already contacted our help centre?

  • Yes, I have contacted the help centre.

Is there an existing issue for this?

  • I have checked the existing issues

Describe the bug

On the manager , when configuring the rescue boot ssh-key, only the first key is used. (but the field is multi-line and is deceptive in this way)
Using multiple keys allow me to register an OVH technician key in addition of my own

Steps To Reproduce

In the manager / dedicated server / rescue boot / configure 2 SSH key

Expected Behavior

The 2 public keys are present in /root/.ssh/authorized_keys, not only the 1st one.

What browsers are you using?

Firefox

Which devices are used?

Desktop

Additional information to add?

No response
@131 131 added the bug Something isn't working label Jul 17, 2024
@JayBeeDe
Copy link
Member

@131 why do you need multiple SSH keys when booting into rescue ? Can you provide us more context ?

@Joshua2504
Copy link

I'd like to see this too. Needed this recently.

@JayBeeDe
Copy link
Member

I'm asking more context because I don't really understand the use case where you would need multiple SSH keys for a rescue. Indeed, the rescue is designed to be a toolbox for troubleshooting purposes, not to be a live system.
That's why we are not going to implement such feature, direction is to patch the regex to forbid this hack.

@Joshua2504
Copy link

It's just handy if you need to provide rescue access to more than 1 person/pubkey. But yes, to avoid confusion it's probably best to just remove the ability to provide more than one key.

@131
Copy link
Author

131 commented Aug 19, 2024
edited
Loading

Using multiple keys allow me to register an OVH technician key in addition of my own. Or working on the rescue with a pair for auditing different parts/tests and work more efficiently.

This « 1key » restriction will force users(myself) towards non standards process (e.g generating temporary private keys and having to distribute them to collaborate on a rescue system)

Other than dedicated private keys, when working on systems, i consider « pools » of trusted keys (Layer 0 IT admins) with no distinctions between then rather than one specific « developper » key.

This is the fist API i see that restrict me to use « only one key » and maybe, if not found anywhere else, it might be because this design never proved its worth.

@JayBeeDe
Copy link
Member

JayBeeDe commented Oct 3, 2024

ok thank you for the details. I understand better now this use case. But unfortunately rescue was not designed for this purpose.

I have deployed yesterday a patch in the backend to prohibit add of multiple SSH keys for rescue, OS installations, and SSH SerialOverLan.
I am NOT going to implement it in the frontend because I don't want to make OVHcloud control panel heavier (would require additional check, not possible to patch existing regex in the 3 locations)

@JayBeeDe JayBeeDe closed this as completed Oct 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JayBeeDe JayBeeDe

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@131 @Joshua2504 @JayBeeDe