I have successfully setup a serial vault and created a working usb with a auto-import.assert.
I have console-conf disabled.
Using the usb key I am able to change my device from unmanaged to managed and then can ssh into my Core22 system.
There are some unexpected behaviors that I consider bugs.
-
My auto-import.assert file has an expiration date as represented by the “until” field. If I use a USB stick that is expired, I don’t create a working system-user. BUT something has happened, because if I update my auto-import.assert file on the USB stick I still can’t get in. Attempting to use an expired key has locked me out of ever being able to get into the system ever again even if I present a valid auto-import.assert file. Seems like a bug.
-
I use a valid usb key and create a good system-user. I’m on the system.
snap known system-user will return information about my key, and the expiration.
After the key expires, the system-user should also expire. The system should revert back to being an unmanaged system if the authorization has expired. That is the second bug.
------------------ Feature request --------------------------------------- Once a system-user is created with a USB key, the device is locked into being managed. If I insert a USB with a valid auto-import.assert, I would like to see the current system user updated to the ssh keys represent by the current physically present valid assert presentation. So far I see no way to update to a different system-user credentials even when I present a valid assert file.
Wendell