Improvements for SSH public key management #15

@brenns10

Currently we have the configuration ssh_public_key, which is supposed to be the file path to the user's public key.

The expectation is that this points to the public half of a public/private key pair sitting in ~/.ssh, e.g. ~/.ssh/id_rsa.pub. If the private half of the key pair exists, then Yo will happily include a -i ~/.ssh/id_rsa in SSH commands in order to specify which SSH identity gets used. This is a somewhat nice feature in case a user has SSH configured with strict identities, or if the SSH key lives outside of ~/.ssh, but that's not usually the case. Normally, passing -i IDENTITY is unnecessary.

More importantly, the SSH public key configuration's main duty (outside of this weird "find the private key" implementation detail) is supposed to be that it's provided to OCI when launching an instance. Except OCI can take multiple public keys - it's asking for an authorized_keys file, not necessarily just a single public key. This is a very useful ability, since people may have multiple machines, each with their own key, and they should be able to provision all the public keys if they want.

Right now, you can just stick multiple keys into a file and set ssh_public_key to point to that file. But that's bad because you'll probably break the private key semantics described above. Plus, the name ssh_public_key is wrong: it should be authorized_keys_file.

So I would like to do:

  1. Add an ssh_private_key configuration option which is very optional. It could be used for the -i cases above.
  2. Add an authorized_keys_file configuration option to be used for launching instances.
  3. Deprecate ssh_public_key configuration option. Raise an error if it is present with either of the above options.
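
One way the three steps above could be enforced when the configuration is loaded, as an added sketch that is not part of the issue or of Yo's code. The function names, the `ConfigError` type, the rule that the private half is the public key path without `.pub`, and the refusal of private key material in the key list are all assumptions.

```python
import os

class ConfigError(ValueError):
    """Raised for conflicting or missing SSH key options (hypothetical type)."""

def resolve_ssh_config(cfg):
    """Map the three options from the issue to (authorized_keys_path, ssh_identity_args)."""
    legacy = cfg.get("ssh_public_key")
    private = cfg.get("ssh_private_key")
    auth = cfg.get("authorized_keys_file")
    if legacy and (private or auth):
        raise ConfigError("ssh_public_key is deprecated; it cannot be combined "
                          "with ssh_private_key or authorized_keys_file")
    if legacy:
        # Legacy semantics: the one file is both the key list and the hint for -i.
        # Assumption: the private half is the same path without ".pub".
        auth = legacy
        guess = os.path.expanduser(legacy[:-4]) if legacy.endswith(".pub") else None
        if guess and os.path.isfile(guess):
            private = guess
    if not auth:
        raise ConfigError("authorized_keys_file is required to launch an instance")
    identity = ["-i", os.path.expanduser(private)] if private else []
    return os.path.expanduser(auth), identity

def load_authorized_keys(path):
    """Return the public key lines of an authorized_keys-style file."""
    keys = []
    with open(path, encoding="utf-8") as f:
        for lineno, raw in enumerate(f, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            # Refuse private key material so it is never sent as instance metadata.
            if line.startswith("-----BEGIN"):
                raise ConfigError(f"{path}:{lineno}: looks like a private key, not a public key")
            keys.append(line)
    if not keys:
        raise ConfigError(f"{path}: no public keys found")
    return keys
```

With only `authorized_keys_file` set, no `-i` argument is produced, so a multi-key file no longer interferes with identity selection.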

Labels

enhancement (New feature or request)
