Ability to store SSH keys out of the config
Open, Wishlist, Public

Description

We need to have the ability to store SSH keys outside of the config.
For that purpose we can create a subdir in /config

and use an sshd configuration
like

AuthorizedKeysFile /config/ssh/%u

The following tokens are defined:

%u is replaced by the username of the user

Details

Difficulty level
Normal (likely a few hours)
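The AuthorizedKeysFile /config/ssh/%u layout proposed above only works if sshd accepts the per-user files: with StrictModes enabled (the sshd default) a key file is ignored when it, or a directory above it, is owned by someone other than the user or root, or is writable by group or others. The sketch below is an added example, not code from this task or from VyOS. It expands %u and approximates that ownership and mode check under a scratch directory standing in for /; the function names and the sample tree are assumptions made for illustration.

```python
import stat
import tempfile
from pathlib import Path

PATTERN = "config/ssh/%u"  # the proposed AuthorizedKeysFile value, relative to a scratch root


def expand(pattern, user):
    """Expand %u (username) and %% (literal percent sign)."""
    return pattern.replace("%%", "\0").replace("%u", user).replace("\0", "%")


def unsafe(path, uid):
    """Return a reason if owner or mode would fail a StrictModes-style check, else None."""
    st = path.stat()
    if st.st_uid not in (0, uid):
        return f"{path.name}: owned by uid {st.st_uid}, expected 0 or {uid}"
    if st.st_mode & 0o022:
        return f"{path.name}: mode {stat.S_IMODE(st.st_mode):04o} is group/world-writable"


def audit(root, users):
    """Map each user to problems on the key file and its parents (walk stops at root)."""
    root, report = Path(root).resolve(), {}
    for user, uid in users.items():
        key_file = root / expand(PATTERN, user)
        if not key_file.is_file():
            report[user] = [f"{key_file.name}: missing or not a regular file"]
            continue
        chain = [key_file] + [p for p in key_file.parents if p == root or root in p.parents]
        report[user] = [reason for reason in (unsafe(p, uid) for p in chain) if reason]
    return report


def build_sample(root):
    """Constructed sample tree: alice's file is fine, bob's is group-writable."""
    ssh_dir = Path(root) / "config" / "ssh"
    ssh_dir.mkdir(parents=True)
    for d in (ssh_dir, ssh_dir.parent):
        d.chmod(0o755)
    for name, mode in (("alice", 0o600), ("bob", 0o664)):
        (ssh_dir / name).write_text(f"ssh-ed25519 AAAA-constructed-key {name}\n")
        (ssh_dir / name).chmod(mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        me = Path(tmp).stat().st_uid  # scratch files belong to the current user
        print(audit(tmp, dict.fromkeys(("alice", "bob", "carol"), me)))
```

On a real system the walk would continue up to /, so /config and /config/ssh themselves have to pass the same ownership and mode test.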
syncer created this task. Aug 4 2016, 10:52 PM

@whiskeyalpharomeo maybe in your scope of interest

syncer edited subscribers, added: VyOS 1.2.x, VyOS 2.0.x; removed: VyOS 1.1.x, syncer.
syncer reassigned this task from dmbaturin to UnicronNL. Sep 2 2017, 4:01 PM
syncer added a subscriber: dmbaturin.

This one is partially related to T312, but not only.
We had some discussions with @dmbaturin in the past about keys
and came across the idea that it would be great to keep keys outside of the config

c-po added a subscriber: c-po. Sep 2 2017, 4:58 PM

Actually I like having the user's SSH pub key inside the config. This makes it super handy to just copy/paste a user's config entry around VyOS instances.

Cisco/Ubiquiti use the same approach: user SSH keys are located inside the running-config.

syncer added a comment. Sep 2 2017, 5:02 PM

That is not something that we need to choose between;
we keep both, but for environments where users come from AD, LDAP, RADIUS, etc.