Resync Ubuntu Core ssh keys

Once I configure the Ubuntu Core account to my device and that I add a new ssh key to my Ubuntu Core account this will not be taken into account.

This seems to me like a limitation as in case our customers configure their Ubuntu Core account during the intial bring-up… and later on they may add new ssh keys to their Ubuntu Core account, they will not be able to use ssh from these new added hosts.

Is there a way to trigger a resync for the ssh keys and not just during the initial bring-up ?

Thanks
Radu

1 Like

How would this be achieved without leaving a back door in the install? Users can still add their additional public keys to the ~/.ssh/authorized_keys file as they would in any other Linux install.

A workaround might be to create either a snap or a systemd service that periodically checks for new public keys associated with that email account.

i.e. you can execute:
curl -s https://login.ubuntu.com/api/v2/keys/${email}
and compare the "ssh_keys" json array against what is in ~/.ssh/authorized_keys

Thanks Lopezem, McPhail for your replies. I would probably go with the solution suggested by Lopezem and create a snap to do periodical checks …

Was just running into this issue when I tried to work from another device from home office. The effort to go to the office and add my new key is not too dramatic. But this makes me wonder what happens if I loose my admin device with the SSH key (e.g. gets stolen, is destroyed, employee with the key leaves). I see there’s an open bug report from long time ago. Did no one ever run into serious trouble?