Consider making coreos-metadata-sshkeys@.service ConditionFirstBoot=true #138

Open
bgilbert opened this issue Jul 22, 2017 · 2 comments

@bgilbert
Contributor

Issue Report

Feature Request

Environment

AWS

Desired Feature

After SSH keys have been set, don't continue to set them on every boot. With the current behavior, keys that are deleted by the user can come back later, which is surprising in the Ignition world.

Alternatively, document how to disable the service.

Other Information

See coreos/bugs#1933 (comment) for context.

@crawford
Contributor

Adding FirstBoot seems like a good idea on all platforms which don't allow keys to be changed (e.g. AWS, Azure, DigitalOcean).

@bgilbert
Contributor Author

Since there are providers that allow SSH keys to be changed after the initial boot, we'd need to run the sshkeys service on subsequent boots on some platforms, which seems confusing for a security-sensitive feature. We could document the distinction (#94) but such docs seem easy to overlook. We could document manually disabling the service (or manually limiting it to firstboot) but "here's how to disable our unhelpful behavior" doesn't feel like a real solution either.
