Recue boot, cannot register more than 1 public key
Opened this issue · 5 comments
Have you already contacted our help centre?
- Yes, I have contacted the help centre.
Is there an existing issue for this?
- I have checked the existing issues
Describe the bug
On the manager , when configuring the rescue boot ssh-key, only the first key is used. (but the field is multi-line and is deceptive in this way)
Using multiple keys allow me to register an OVH technician key in addition of my own
Steps To Reproduce
In the manager / dedicated server / rescue boot / configure 2 SSH key
Expected Behavior
The 2 public keys are present in /root/.ssh/authorized_keys, not only the 1st one.
What browsers are you using?
Firefox
Which devices are used?
Desktop
Additional information to add?
No response
@131 why do you need multiple SSH keys when booting into rescue ? Can you provide us more context ?
I'd like to see this too. Needed this recently.
I'm asking more context because I don't really understand the use case where you would need multiple SSH keys for a rescue. Indeed, the rescue is designed to be a toolbox for troubleshooting purposes, not to be a live system.
That's why we are not going to implement such feature, direction is to patch the regex to forbid this hack.
It's just handy if you need to provide rescue access to more than 1 person/pubkey. But yes, to avoid confusion it's probably best to just remove the ability to provide more than one key.
Using multiple keys allow me to register an OVH technician key in addition of my own. Or working on the rescue with a pair for auditing different parts/tests and work more efficiently.
This « 1key » restriction will force users(myself) towards non standards process (e.g generating temporary private keys and having to distribute them to collaborate on a rescue system)
Other than dedicated private keys, when working on systems, i consider « pools » of trusted keys (Layer 0 IT admins) with no distinctions between then rather than one specific « developper » key.
This is the fist API i see that restrict me to use « only one key » and maybe, if not found anywhere else, it might be because this design never proved its worth.