Page MenuHomeVyOS Platform

Ability to store SSH keys out of the config
Open, WishlistPublicENHANCEMENT


We need to have ability to store ssh keys outside of config
for that purpose we can create subdir in /config for that purpose

and use sshd configuration

AuthorizedKeysFile /config/ssh/%u

The following tokens are defined:

%u is replaced by the username of the user


Difficulty level
Normal (likely a few hours)

Event Timeline

syncer created this task.Aug 4 2016, 10:52 PM

@whiskeyalpharomeo maybe in your scope of interest

syncer edited subscribers, added: VyOS 1.2 Crux, VyOS 2.0.x; removed: VyOS 1.1.x, syncer.
syncer reassigned this task from dmbaturin to UnicronNL.Sep 2 2017, 4:01 PM
syncer added a subscriber: dmbaturin.

This one is partially related to T312 but not only
we had some discussions with @dmbaturin in past about keys
and came across idea that it will be great to keep keys outside of config

c-po added a subscriber: c-po.Sep 2 2017, 4:58 PM

Actually I like the fact to have the users SSH pub key inside the config. This makes it super handy to just copy/paste a users config entry arround VyOS instances.

Cisco/Ubiquity uses the same approach, User SSH keys are located inside running-config.

syncer added a comment.Sep 2 2017, 5:02 PM

That is not something that we need to choose between,
we keep both, but for environments where users comes from AD, LDAP, Radius, etc.

syncer reassigned this task from UnicronNL to dmbaturin.May 27 2018, 9:10 AM
syncer added a subscriber: UnicronNL.
pasik added a subscriber: pasik.Aug 19 2018, 8:12 AM
syncer changed the subtype of this task from "Task" to "Enhancement".Oct 20 2018, 4:49 AM