Bug 834930

For those folks wanting a way to manage authorised ssh keys within Juju, trunk
now has that functionality. There are 4 commands:

add - add ssh keys for a Juju user
delete - delete ssh keys for a Juju user
list - list ssh keys for a Juju user
import - import Launchpad or Github ssh keys

For more details, run "juju authorised-keys" to see some help printed.

Currently, the default (and only) Juju user for an environment is "admin". This
will change as support for users and roles etc comes along in the future. So for
now, think of Juju's ssh key management as a way to allow people other than the
person who bootstrapped an environment the ability to ssh into Juju 
machines/nodes.

I'm guessing people will mostly use import to pull in ssh keys from Launchpad or
Github eg "juju authorised-keys import lp:wallyworld". But for clouds which do
not have access to the internet, "add" is useful since it allows a full key to
be imported directly.

When deleting keys, you use the key fingerprint or comment to specify what to
delete. You can find the fingerprint for a key using ssh-keygen.

Note that right now, keys are global and grant access to all machines. When a
key is added, it is propagated to all machines in the environment. When a key is
deleted, it is removed from all machines.

For manually provisioned machines, which may already have their own authorised
ssh keys before being added to the Juju environment, these keys are retained and
not managed or deleted by Juju. Juju will prepend "Juju:" to all key comments
for keys which it has added to a machine so that it knows which ones to ignore.

Hopefully the functionality is useful. I expect it may well need to be refined
as things progress with user permissions and roles. Please file bugs if you
encounter any issues or usability concerns etc.




-- 
Juju-dev mailing list
Juju-dev@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/juju-dev

Reply via email to