Write the certificate where OpenSSH will find it #224
If given the filename of a private key, and no certificates have been specified, OpenSSH will append "-cert.pub" and try to load certificate data from there. (Cf. ssh(1) man page)

Signed-off-by: Ben Slusky <bslusky@smartling.com>
|
Thanks for this! Is this motivated by a bug where SSH isn't finding the public key? What opkssh and ssh commands are you running where this happens? |
|
The motivation is to reduce the amount of explicit configuration of OpenSSH. As shown in the change in README.md, there is no need to specify the filename for certificate data, in addition to the private key, if the certificate data file is already at this path. |
Fix one more instance from another branch that was merged.

Signed-off-by: Ben Slusky <bslusky@smartling.com>
|
Forgot Signed-off-by for my one line fix, going to force-push to add it 😑 |
```go
if !strings.Contains(string(configContent), privKeyPath) {
	configContent = slices.Concat(
		[]byte("IdentityFile "+privKeyPath+"\n"),
		configContent,
	)
}
```

This also shows how appending "-cert.pub" instead of just ".pub" to the public key file reduces the need for explicit configuration of OpenSSH. Without the filename change, this SSH config fragment (from #122) is not sufficient for OpenSSH to find the opkssh certificate data. |
|
Ok, I understand this change now. I'll review it sometime this week. Are there any conflicts with this PR #122, as it lets you configure a special opkssh ssh key directory? |
|
There was one conflict, but I fixed it in my latest commit. |
|
The code changes look good. Let me take this for a test drive tomorrow and if I don't run into any issues I'll approve and merge it. Thanks for this change, it will be nice to not have to specify the private key and the public key to log in. |
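To check an existing setup against the lookup rule discussed in this thread, the following added example (not code from this PR or from opkssh) reports, for each IdentityFile in an ssh_config text, whether certificate data sits at `<key>-cert.pub`, where OpenSSH probes on its own, or only at `<key>.pub`. The names `certStatus`, `holdsCert` and `auditConfig` are hypothetical, and the parser is deliberately simplified: it ignores Host/Match scoping, `key=value` syntax and `~` expansion.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

type certStatus struct {
	Identity   string
	AutoLoaded bool // "<identity>-cert.pub" holds a certificate: ssh probes it itself
	LegacyPub  bool // "<identity>.pub" holds a certificate: needs CertificateFile
}

// holdsCert reports whether the file's key type is an OpenSSH certificate type.
func holdsCert(path string) bool {
	data, err := os.ReadFile(path)
	f := strings.Fields(string(data))
	return err == nil && len(f) >= 2 && strings.HasSuffix(f[0], "-cert-v01@openssh.com")
}

// auditConfig scans ssh_config text (simplified: no Host/Match scoping, "=" or
// "~" handling). explicit is true if any CertificateFile line disables the probe.
func auditConfig(config string) (ids []certStatus, explicit bool) {
	for _, line := range strings.Split(config, "\n") {
		f := strings.Fields(line)
		if len(f) < 2 {
			continue
		}
		switch strings.ToLower(f[0]) {
		case "certificatefile":
			explicit = true
		case "identityfile":
			ids = append(ids, certStatus{f[1], holdsCert(f[1] + "-cert.pub"), holdsCert(f[1] + ".pub")})
		}
	}
	return ids, explicit
}

func main() {
	// Constructed sample: a certificate left at the old "<key>.pub" location.
	dir, err := os.MkdirTemp("", "certaudit")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	key := dir + "/id_ecdsa"
	os.WriteFile(key+".pub", []byte("ecdsa-sha2-nistp256-cert-v01@openssh.com AAAA\n"), 0o600)
	fmt.Println(auditConfig("IdentityFile " + key + "\n"))
}
```

An identity with `LegacyPub` set and `AutoLoaded` unset is one where the config fragment above would not be enough on its own.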