Add SSH key to an existing VM ? #3075
Comments
checkout |
So only replace, no add? |
@huangpf - Is there a plan to support adding more ssh keys to a vm? |
it should support add |
I think this is a duplicate of #3199 |
+1: long thread discussing the fact that you think vmaccess command will do this, but instead assumes adding keys to the same user means replace that user's key, which it does not. We need the command to enable ADDING KEYS to any existing user. There are several legitimate scenarios in which users have more than one acceptable key. |
@huanpf I don't this is a duplicate of that? |
@huangpf @squillace - #3199 is for adding a secret, not a SSH Key. Is this still a duplicate then? |
|
|
oh microsoft. |
@matti The issue is still being tracked. I'm just closing the duplicate one. Thanks. |
@haungpf: I just saw this as the other one was closed. THAT issue adds a cert to the osprofile -- great. HOWEVER, this issue is not a CRP issue, nor is it a at the least an appropriate response would be to leave this issue open, as I've reopened it, and connect it with a new issue (Azure/azure-linux-extensions#295). Now you're free to reclose this, but from the customers' point of view this is a CLI problem -- a microsoft problem. We need to figure out how to achieve the solution somehow. |
The title and your summary seem to be ambiguous, so that's misleading to what's the right resolution. CRP API does allow users to install secret resources (i.e. keys) in the cloud to the VM, but users would need to first figure out how to put those resources in the cloud (i.e. using KeyVault APIs). If the problem is about the latter part, it's a general CLI problem, or KeyVault's. Adding a key to the VM is not equivalent to resetting the access. |
@amarzavery please help take a look from overall CLI's point of view. I'm adding more tags to this issue, as it needs multiple-party's triage. |
@huangpf happy to help clarify, and @vlivech to keep me sane. The title "Add SSH key to an existing VM" is about using the Typically this would be over SSH, or
of course, it doesn't say what ELSE should happen here in order to ADD the key I provide to the currently running VM I'm targeting. But the result needs to be that if I specify a user that already exists, and there's a key already there, this one needs to be added to the directory. You'll note that in Azure/azure-linux-extensions#295, @boumenot believes that using It's one or the other, OR: I'm totally wrong about the behavior. I will always concede that I've done something wrong, but three people on my team confirmed this behavior, so a bunch of us are misunderstanding how this is supposed to work. In which case, something else completely is wrong. :-) |
@squillace you are indeed sane. I own a VM and have root perms to it. I then lose, TLDR; |
The problem needs to be well defined in order to find the most accurate solution. What you describe is about the linux VM extension
Like you said, it's not a CRP issue, so I'm going to remove the IaaS tag, and let you focus on the extension part. IMO, title needs to reflect the extension focused asks. |
Yes, this is about the behavior of |
FYI the behavior of reset access with SSH keys actually "adds" the key to the authorized keys, not replace https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/vmaccess#update-ssh-key |
CLI Version: 0.10.2
Mode: ARM
Environment: AzureCloud
Description:
How to add SSH key to a VM?
The text was updated successfully, but these errors were encountered: