Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Consider making [email protected] ConditionFirstBoot=true #138

Open
bgilbert opened this issue Jul 22, 2017 · 2 comments
Open

Consider making [email protected] ConditionFirstBoot=true #138

bgilbert opened this issue Jul 22, 2017 · 2 comments

Comments

@bgilbert
Copy link
Contributor

Issue Report

Feature Request

Environment

AWS

Desired Feature

After SSH keys have been set, don't continue to set them on every boot. With the current behavior, keys that are deleted by the user can come back later, which is surprising in the Ignition world.

Alternatively, document how to disable the service.

Other Information

See coreos/bugs#1933 (comment) for context.

@crawford
Copy link
Contributor

Adding FirstBoot seems like a good idea on all platforms which don't allow keys to be changed (e.g. AWS, Azure, DigitalOcean).

@bgilbert
Copy link
Contributor Author

Since there are providers that allow SSH keys to be changed after the initial boot, we'd need to run the sshkeys service on subsequent boots on some platforms, which seems confusing for a security-sensitive feature. We could document the distinction (#94) but such docs seem easy to overlook. We could document manually disabling the service (or manually limiting it to firstboot) but "here's how to disable our unhelpful behavior" doesn't feel like a real solution either.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants