Beispiel #1
0
// Add the provided SSH public keys to the user's authorized keys.
func (u Util) AuthorizeSSHKeys(c config.User) error {
	if len(c.SSHAuthorizedKeys) == 0 {
		return nil
	}

	return u.LogOp(func() error {
		usr, err := u.userLookup(c.Name)
		if err != nil {
			return fmt.Errorf("unable to lookup user %q", c.Name)
		}

		akd, err := keys.Open(usr, true)
		if err != nil {
			return err
		}
		defer akd.Close()

		// TODO(vc): introduce key names to config?
		// TODO(vc): validate c.SSHAuthorizedKeys well-formedness.
		kb := []byte(strings.Join(c.SSHAuthorizedKeys, "\n"))
		if err := akd.Add("coreos-ignition", kb, true, true); err != nil {
			return err
		}

		if err := akd.Sync(); err != nil {
			return err
		}

		return nil
	}, "adding ssh keys to user %q", c.Name)
}
Beispiel #2
0
// Add the provided SSH public keys to the user's authorized keys.
func (u Util) AuthorizeSSHKeys(c config.User) error {
	if len(c.SSHAuthorizedKeys) == 0 {
		return nil
	}

	return u.LogOp(func() error {
		usr, err := u.userLookup(c.Name)
		if err != nil {
			return fmt.Errorf("unable to lookup user %q", c.Name)
		}

		akd, err := keys.Open(usr, true)
		if err != nil {
			return err
		}
		defer akd.Close()

		// TODO(vc): introduce key names to config?
		// TODO(vc): validate c.SSHAuthorizedKeys well-formedness.
		ks := strings.Join(c.SSHAuthorizedKeys, "\n")
		// XXX(vc): for now ensure the addition is always
		// newline-terminated.  A future version of akd will handle this
		// for us in addition to validating the ssh keys for
		// well-formedness.
		if !strings.HasSuffix(ks, "\n") {
			ks = ks + "\n"
		}

		if err := akd.Add("coreos-ignition", []byte(ks), true, true); err != nil {
			return err
		}

		if err := akd.Sync(); err != nil {
			return err
		}

		return nil
	}, "adding ssh keys to user %q", c.Name)
}