metroctl: safety checks for install ssh
lorenz opened this issue · 0 comments
lorenz commented
`metroctl install ssh` is very convenient, but it can also be pretty dangerous as-is, as it will, without a confirmation prompt, clear out an existing disk and install Monogon OS over it. It uses the standard SSH keyring, so a single misissued command can use existing credentials and wipe out the root disk of a server.
There should probably be some safeguards if we detect conditions that make the target system a potentially unintentional target. This could be the age of the OS (warn if older than 1 month or so?) or possibly some kind of check for usage. If such a case is detected, a warning should be displayed to the user and they must confirm that it is indeed intended to overwrite that OS.
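One way the proposed safeguard could look, as an added sketch that is not metroctl's code: the `TargetFacts` type, the `Warnings` and `ConfirmWipe` functions, the usage flag and the typed-hostname confirmation are all assumptions made for illustration, and how the facts are collected over SSH is left out. Only the one-month threshold comes from the issue text.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"os"
	"strings"
	"time"
)

// TargetFacts is a hypothetical summary of what a pre-install probe learned over SSH.
type TargetFacts struct {
	Hostname    string
	OSInstalled time.Time // assumed signal, e.g. root filesystem creation time
	HasUserData bool      // assumed stand-in for "some kind of check for usage"
}

const maxFreshAge = 30 * 24 * time.Hour // "older than 1 month or so"

// Warnings lists the reasons the target may be an unintentional one.
func Warnings(f TargetFacts, now time.Time) []string {
	var w []string
	if age := now.Sub(f.OSInstalled); age > maxFreshAge {
		w = append(w, fmt.Sprintf("existing OS is %d days old", int(age.Hours()/24)))
	}
	if f.HasUserData {
		w = append(w, "target shows signs of use")
	}
	return w
}

// ConfirmWipe allows the install if nothing looks risky or the operator types the hostname.
func ConfirmWipe(f TargetFacts, now time.Time, in io.Reader, out io.Writer) bool {
	w := Warnings(f, now)
	if len(w) == 0 {
		return true
	}
	fmt.Fprintf(out, "WARNING: %s\n", strings.Join(w, "; "))
	fmt.Fprintf(out, "Type %q to overwrite its disk: ", f.Hostname)
	// EOF (non-interactive use) yields an empty line, which never matches.
	line, _ := bufio.NewReader(in).ReadString('\n')
	return f.Hostname != "" && strings.TrimSpace(line) == f.Hostname
}

func main() {
	f := TargetFacts{"db-prod", time.Now().AddDate(0, -3, 0), true} // constructed sample
	fmt.Println("proceed:", ConfirmWipe(f, time.Now(), os.Stdin, os.Stdout))
}
```

Requiring the hostname rather than a bare "y" means a reflexive keypress or a closed stdin cannot approve the wipe.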