roachprod: add roachprod as a key name #151932
Conversation
bghal
requested review from
herkolategan and
golgeek
and removed request for
a team
|
This change is |
roachprod uses this list to look for a public SSH key under $HOME/.ssh. 1Password handily manages single-purpose SSH keys. This change makes keys exported from there discoverable. Epic: none Release note: None
bghal
force-pushed
the
roachprod-discover-keys
branch
from
4804b13 to
ebadf9a
Compare
There was a problem hiding this comment.
Thanks for the PR, this is much appreciated!
That being said, I'm not sure I understand how this works with 1password and its ssh-agent.
I might have missed something on 1password's side, but it looks like when you generate an SSH key, it stays in 1password and is supposed to be managed by the agent (so offered as its 1password name during the SSH roundtrip) and it's not dumped into the user's .ssh folder unless exported (and not really managed by 1password anymore).
On the other hand, from what I can gather from the roachprod code, this DefayltPubKeyNames list requires a file in $HOME/.ssh/$KEYNAME.pub to exist for the key to be provided as an identity_file to the SSH command generated by roachprod.
Could you provide a bit more context?
|
|
||
| // Cockroach additions | ||
| "google_compute_engine", | ||
| "Roachprod", |
There was a problem hiding this comment.
I have more or less the same question as @golgeek, but in addition want to know why both an uppercase and lowercase version of "(R|r)oachprod"?
|
Yeah realized roachprod isn't really doing anything with the keys; really just needed to touch the identity and public key files. |
roachprod uses this list to look for a public SSH key under $HOME/.ssh.
1Password handily manages single-purpose SSH keys. This change makes
keys exported from there discoverable.
Epic: none
Release note: None