find /root/.ssh/authorized_keys on top of agent keys

[anarcat]

We use grml-debootstrap as a simple installer here. It means we're running on a remote rescue shell, which we login to over SSH. It has no SSH keys in an agent because there's no agent running, so ssh-add -L fails when we pass -sshcopyid.

But we do have keys in /root/.ssh/authorized_keys because that's how our bootstrap works. So could we instead be a little smarter here and find those keys automatically?

[mika]

Yes I totally agree, the ssh-add -L approach is not really user friendly and ssh-ing into the system is something we definitely want to have working as simple as possible without opening a security hole though, also see #139

I'd appreciate any work in this area!

[anarcat]

without opening a security hole though, also see #139

... what are we concerned about here specifically? password logins are disabled, right?

I'd appreciate any work in this area!

this simple post-script could be merged into grml-bootstrap fairly easily:

AUTHORIZED_KEYS_SOURCE=${AUTHORIZED_KEYS_SOURCE:-$HOME/.ssh/authorized_keys}
AUTHORIZED_KEYS_TARGET=${AUTHORIZED_KEYS_TARGET:-$MNTPOINT/root/.ssh/}
echo "I: copying $AUTHORIZED_KEYS_SOURCE to "$AUTHORIZED_KEYS_TARGET""
mkdir -p "$AUTHORIZED_KEYS_TARGET"
chmod 0700 "$AUTHORIZED_KEYS_TARGET"
cp $AUTHORIZED_KEYS_SOURCE "$AUTHORIZED_KEYS_TARGET"

[mika]

... what are we concerned about here specifically? password logins are disabled, right?

Yeah, password logins as user root no longer work, while this has been something that users relied on in the past.

this simple post-script could be merged into grml-bootstrap fairly easily:

LGTM, would you mind providing a PR for integration? :)

[anarcat]

sure, see #153!