// Add the provided SSH public keys to the user's authorized keys.
func (u Util) AuthorizeSSHKeys(c config.User) error {
if len(c.SSHAuthorizedKeys) == 0 {
return nil
}
return u.LogOp(func() error {
usr, err := u.userLookup(c.Name)
if err != nil {
return fmt.Errorf("unable to lookup user %q", c.Name)
}
akd, err := keys.Open(usr, true)
if err != nil {
return err
}
defer akd.Close()
// TODO(vc): introduce key names to config?
// TODO(vc): validate c.SSHAuthorizedKeys well-formedness.
kb := []byte(strings.Join(c.SSHAuthorizedKeys, "\n"))
if err := akd.Add("coreos-ignition", kb, true, true); err != nil {
return err
}
if err := akd.Sync(); err != nil {
return err
}
return nil
}, "adding ssh keys to user %q", c.Name)
}
// Add the provided SSH public keys to the user's authorized keys.
func (u Util) AuthorizeSSHKeys(c config.User) error {
if len(c.SSHAuthorizedKeys) == 0 {
return nil
}
return u.LogOp(func() error {
usr, err := u.userLookup(c.Name)
if err != nil {
return fmt.Errorf("unable to lookup user %q", c.Name)
}
akd, err := keys.Open(usr, true)
if err != nil {
return err
}
defer akd.Close()
// TODO(vc): introduce key names to config?
// TODO(vc): validate c.SSHAuthorizedKeys well-formedness.
ks := strings.Join(c.SSHAuthorizedKeys, "\n")
// XXX(vc): for now ensure the addition is always
// newline-terminated. A future version of akd will handle this
// for us in addition to validating the ssh keys for
// well-formedness.
if !strings.HasSuffix(ks, "\n") {
ks = ks + "\n"
}
if err := akd.Add("coreos-ignition", []byte(ks), true, true); err != nil {
return err
}
if err := akd.Sync(); err != nil {
return err
}
return nil
}, "adding ssh keys to user %q", c.Name)
}