Project

General

Profile

Bug #19998

New Feature: SSH keys deployed per user

Added by Dimitrij Artes over 3 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Host creation
Target version:
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

Hey,

In the release notes for Foreman 1.15 is a new feature listed: SSH keys deployed per user.
I would ask how this feature can be used.

[[https://theforeman.org/manuals/1.15/index.html#Releasenotesfor1.15]]


Related issues

Related to Foreman - Feature #18476: add ssh public keys to userClosed

History

#1 Updated by Marek Hulán over 3 years ago

#2 Updated by Marek Hulán over 3 years ago

The feature was demoed on our regular community demos, you can find it at https://www.youtube.com/watch?v=QfANwMzxebE&feature=youtu.be&t=119

@Timo, would you mind covering it in the Foreman manual too? I think it would be beneficial for more users.

#3 Updated by Dimitrij Artes over 3 years ago

Ok, i watched the demo and learned that i need to use the provisioning snippet 'create_users' for this.
After provisioning, my public key is on the new host but i have issues with the format of the key in autorized_keys file.

I copied my public key into Foreman as following:

[key type] [key] [comment]
ssh-rsa AAA...== Dimitrij Artes

In the authorized_keys file i see the following:

[key type] [key type] [key] [comment] [comment]
ssh-rsa ssh-rsa AAA...== Dimitrij Artes [username]@[foreman fqdn]

If i copy my key to Foreman without key type i get the error 'Fingerprint could not be generated Length could not be calculated'.
If i let the comment blank i get
ssh-rsa ssh-rsa AAA...== [username]@[foreman fqdn]

The biggest problem is the double key type wich caused failure in the structure of the key in authorized_keys file.
How should i paste my key in Foreman?

#4 Updated by Timo Goebel over 3 years ago

Dimitrij Artes wrote:

Ok, i watched the demo and learned that i need to use the provisioning snippet 'create_users' for this.

The template shipped with 1.15.0 contains a bug. Please see https://github.com/theforeman/community-templates/pull/392 for a fixed version.

#5 Updated by Marek Hulán over 3 years ago

  • Tracker changed from Support to Bug
  • Legacy Backlogs Release (now unused) set to 266

We should cherry-pick it to 1.15-stable both in community-repo and Foreman core. Therefore, I'm marking it for 1.15.2. Daniel if you confirm, I'm happy to open both PRs, otherwise please reset the release field.

#6 Updated by Daniel Lobato Garcia over 3 years ago

Sounds good to me, please feel free to put it in community-templates 1.15 for 1.15.2

#7 Updated by Marek Hulán over 3 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Marek Hulán

Sorry, community-templates 1.15-stable already contained the fix. Sync PR opened as https://github.com/theforeman/foreman/pull/4591. Since it contains other changes, I'm not linking it to this issue. Moving to ready for testing though as the PR is available.

#8 Updated by Dimitrij Artes over 3 years ago

I've applied the fix and it work now. Thanks!

What about the comment? At the moment the key comment is overwritten with user@foreman_fqdn.

#9 Updated by Timo Goebel over 3 years ago

Dimitrij Artes wrote:

I've applied the fix and it work now. Thanks!

What about the comment? At the moment the key comment is overwritten with user@foreman_fqdn.

You could use something like this:

<%-     index = 0 -%>
  <%-     user.ssh_keys.each do |key| -%>
  <%-       if index == 0 -%>
  <%=        key %>
  <%-       else -%>
  <%=        "#{key} - #{index}" %>
  <%-       end -%>
  <%-       index += 1 -%>
  <%-     end -%>

or more easy:

 <%-     user.ssh_keys.each do |key| -%>
 <%=      key %>
 <%-     end -%>

#10 Updated by Marek Hulán over 3 years ago

  • Status changed from Ready For Testing to Closed

Fixed in 1.15.2 branch by the template sync, see https://github.com/theforeman/foreman/pull/4592 for more details.

#11 Updated by Marek Hulán over 3 years ago

  • Bugzilla link set to 1473913

Also available in: Atom PDF