Hello,
I created a snap called lagoon-cli,https://dashboard.snapcraft.io/snaps/lagoon-cli, which ships lagoon the default cli for AmazeeIO/Lagoon systems.
It requires access to user’s ssh-key and I’d like to have the auto-connect to user’s ssh-keys
Thanks
Vincenzo De Naro Papa
ssh-keys is quite a powerful interface - it provides the snap full access to all of the user’s private keys. Since $HOME for snaps defaults to SNAP_USER_DATA (ie $HOME/snap/<snap-name>/<revision>) users can copy they private keys etc into $SNAP_USER_DATA/.ssh to allow access to their private keys etc for the given snap - or they could manually connect this interface for the snap as an alternative. As such we think it is prudent to allow the user to actively make this choice and so have not granted auto-connect for ssh-keys in the past - so -1 from me to auto-connect ssh-keys and instead I would encourage you to have the snap itself ask the user to either manually copy their keys over so the snap can access them or to manually connect this interface via snap connect lagoon-cli:ssh-keys if they believe this is required.
I understand your thoughts and concerns.
It might be a bit annoying connect the ssh-key interface every time you start the application, but I agree it’s safer.
Thanks for your attention.
FYI - connecting an interface only needs to be done once - then it is connected from that time on for that snap until it is disconnected - so there should not be any need to do it each time it is started / launched - just once.
ok thanks. If I copy the ssh key I need into the snap home $SNAP_USER_DATA/.ssh , should I still need the ssh-keys interface?
Thanks
That will depend on your snap being able to find the key. $HOME is set to $SNAP_USER_DATA, but some snaps prefer to use getpwent() which will return the value from /etc/passwd, etc, so your snap might need to be adjusted for that.
