From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.4 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7F496C43467 for ; Wed, 14 Oct 2020 10:51:34 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id BFBA52173E for ; Wed, 14 Oct 2020 10:51:33 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="PiKoUy2J" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org BFBA52173E Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:49258 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kSeNY-00061v-Cr for qemu-devel@archiver.kernel.org; Wed, 14 Oct 2020 06:51:32 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36258) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kSeME-0005Cg-8U for qemu-devel@nongnu.org; Wed, 14 Oct 2020 06:50:12 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:41983) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1kSeMB-00011p-Vq for qemu-devel@nongnu.org; Wed, 14 Oct 2020 06:50:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1602672605; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wyz1Mjee62RaId3DLDrv88vowrkRExGPSnZPCifl43o=; b=PiKoUy2JK8jBJh85vL02mxFIU4yjx1T+3Z1ZtPv52tp2njBq1y00q5+BoLJs+ZFK3dvFKN g7k7P6djsfXrBvGtBfsqRntTxRVWJvh3eh4kFoDg7tnaQZB8iIg6TQFR9wK++q/RBKf+ky Y/Tyiwr5+AiYP0BOiFKn1GQu2ve5kE0= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-501-9Qi4WaPyMi6eI2LbwBX5ig-1; Wed, 14 Oct 2020 06:50:03 -0400 X-MC-Unique: 9Qi4WaPyMi6eI2LbwBX5ig-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 3B4CE8030CA; Wed, 14 Oct 2020 10:50:02 +0000 (UTC) Received: from redhat.com (ovpn-113-137.ams2.redhat.com [10.36.113.137]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 315005C1BD; Wed, 14 Oct 2020 10:50:00 +0000 (UTC) Date: Wed, 14 Oct 2020 11:49:58 +0100 From: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= To: marcandre.lureau@redhat.com Subject: Re: [PATCH 0/2] qemu-ga: add ssh-{add,remove}-authorized-keys Message-ID: <20201014104958.GD115189@redhat.com> References: <20201013202502.335336-1-marcandre.lureau@redhat.com> MIME-Version: 1.0 In-Reply-To: <20201013202502.335336-1-marcandre.lureau@redhat.com> User-Agent: Mutt/1.14.6 (2020-07-11) X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=216.205.24.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/10/14 01:12:43 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= Cc: qemu-devel@nongnu.org, Michael Roth Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" On Wed, Oct 14, 2020 at 12:25:00AM +0400, marcandre.lureau@redhat.com wrote: > From: Marc-André Lureau > > Hi, > > Add two new commands to help modify ~/.ssh/authorized_keys. > > Although it's possible already to modify the authorized_keys files via > file-{read,write} or exec, the commands are often denied by default, and the > logic is left to the client. Let's add specific commands for this job. More importantly the mgmt app has no idea what file location the keys need to be saved in. Knowing the user isn't sufficient as you cannot assume that $HOME is /home/$USERNAME - it could be in an arbitrarily different location. So having dedicated commands for this which can use getpwent in the guest to find $HOME is mcuh saner. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|