ovh/manager

Rescue boot, cannot register more than 1 public key

Opened this issue · 5 comments

131 commented

Have you already contacted our help centre?

  • Yes, I have contacted the help centre.

Is there an existing issue for this?

  • I have checked the existing issues

Describe the bug

On the manager, when configuring the rescue boot SSH key, only the first key is used (but the field is multi-line and is deceptive in this way).
Using multiple keys allows me to register an OVH technician key in addition to my own.

Steps To Reproduce

In the manager / dedicated server / rescue boot / configure 2 SSH keys

Expected Behavior

The 2 public keys are present in /root/.ssh/authorized_keys, not only the 1st one.

What browsers are you using?

Firefox

Which devices are used?

Desktop

Additional information to add?

No response

@131 why do you need multiple SSH keys when booting into rescue? Can you provide us with more context?

I'd like to see this too. Needed this recently.

I'm asking for more context because I don't really understand the use case where you would need multiple SSH keys for a rescue. Indeed, the rescue is designed to be a toolbox for troubleshooting purposes, not to be a live system.
That's why we are not going to implement such a feature; the direction is to patch the regex to forbid this hack.

It's just handy if you need to provide rescue access to more than 1 person/pubkey. But yes, to avoid confusion it's probably best to just remove the ability to provide more than one key.

131 commented

Using multiple keys allows me to register an OVH technician key in addition to my own. Or working on the rescue with a pair for auditing different parts/tests and working more efficiently.

This "1 key" restriction will force users (myself) towards non-standard processes (e.g. generating temporary private keys and having to distribute them to collaborate on a rescue system).

Other than dedicated private keys, when working on systems, I consider "pools" of trusted keys (Layer 0 IT admins) with no distinctions between them rather than one specific "developer" key.

This is the first API I see that restricts me to using "only one key" and maybe, if not found anywhere else, it might be because this design never proved its worth.
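An added example, not part of the thread and not ovh/manager code: a validator for the multi-line key field that reports every entry instead of silently keeping the first one. The function names, the `maxKeys` policy parameter and the accepted key-type list are assumptions made for illustration.

```javascript
// Added example (not ovh/manager code): validate a multi-line SSH public key field.
const KEY_TYPES = new Set([
  'ssh-ed25519', 'ssh-rsa',
  'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521',
]);

// Parse one "type base64 [comment]" line; returns null when malformed.
// Assumption: lines carrying an options prefix are treated as invalid here.
function parsePublicKeyLine(line) {
  const m = /^(\S+)\s+([A-Za-z0-9+/]+={0,2})(?:\s+(.*))?$/.exec(line.trim());
  if (!m || !KEY_TYPES.has(m[1])) return null;
  const blob = Buffer.from(m[2], 'base64');
  // The blob begins with a 4-byte big-endian length followed by the key type
  // string, which must agree with the textual prefix of the line.
  if (blob.length < 4) return null;
  const len = blob.readUInt32BE(0);
  if (len > blob.length - 4) return null;
  if (blob.toString('ascii', 4, 4 + len) !== m[1]) return null;
  return { type: m[1], comment: m[3] || '' };
}

// Validate the whole field. maxKeys is a hypothetical policy knob:
// 1 models "one key only", a larger value models "install every key".
function validateKeyField(text, maxKeys = 1) {
  const lines = text.split(/\r?\n/).map((l) => l.trim())
    .filter((l) => l && !l.startsWith('#'));
  const keys = [];
  const errors = [];
  lines.forEach((line, i) => {
    const key = parsePublicKeyLine(line);
    if (key) keys.push(key);
    else errors.push(`entry ${i + 1}: not a valid public key`);
  });
  if (lines.length === 0) errors.push('no key supplied');
  if (keys.length > maxKeys) {
    errors.push(`${keys.length} keys supplied, at most ${maxKeys} accepted`);
  }
  return { ok: errors.length === 0, keys, errors };
}

// Constructed sample input: a well-formed blob with all-zero key material.
function constructedKey(comment) {
  const type = Buffer.from('ssh-ed25519');
  const head = Buffer.alloc(4); head.writeUInt32BE(type.length);
  const body = Buffer.alloc(4 + 32); body.writeUInt32BE(32);
  const blob = Buffer.concat([head, type, body]).toString('base64');
  return `ssh-ed25519 ${blob} ${comment}`;
}
```

With the default `maxKeys` of 1, a two-key submission is rejected with an explicit message; with a larger limit both parsed keys are returned so the caller can write each one to `authorized_keys`.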