System should periodically refresh ssh keys that were obtained from SSO/store for local users

I'm curious what would cause an ssh key to become invalid?

Thanks

@Seth, there have been a few people that reported having DSA keys in SSO instead of RSA, but DSA isn't supported. So after the keys are fetched, users realize they can't login with them, so they upload RSA keys but Ubuntu Core never checks for an update.

Also, there's the possibility that the user's HD crashed and they lost their keys. This gives them a way back into the device if necessary.

Also if I want to add a 2nd key via the SSO account its not clear how to do it. It doesn't happen automatically and I can't find any documentation on how to "sync" my Ubuntu Core with SSO to get the 2nd key. The only way to do this is manually via my original machine which doesn't seem right - see also this Q: http://askubuntu.com/questions/865334/cant-login-to-ubuntu-core-16-using-a-second-ssh-key

This is a pretty important issue if using Ubuntu Core in a business setting, which is what I'm currently experimenting with. Being able to add/remove individual developer access to the devices is pretty handy security-wise. I can probably get around it for now, but it'd definitely be a nice feature to have.

I was following instructions here: https://developer.ubuntu.com/core/get-started/kvm
but I screwed up the first time (came back later and password wasn't working - maybe I forgot it, maybe it didn't work)
so I generated a new key and uploaded it here: https://login.ubuntu.com/ssh-keys

yet the issue persisted and no password would work

additionally I tried to log in to ubuntu core w/o ssh and the default ubuntu:ubuntu was not working either

if there are any workarounds please let me know. I'm going to focus on getting into ubuntu core without ssh.

@roxd, My workaround was to mount the writable partition on a different Linux machine. There I was able to manually append the missing SSH public key(s) to /writable/user-data/username/.ssh/authorized_keys.

This worked on a WDLabs Nextcloud Box running Ubuntu Core 16 and Nextcloud 11.

Is the intended behavior to auto update the keys using SSO?

@ntindle, yes.

Is this issue active? I think this still being necessary, isn't it?

 no ssh key

Same problem. There is an workaround this problem?

This is still affecting me. Somehow my ssh key became invalid over time, and I'm locked out of the device.

https://bugs.launchpad.net/snapd/+bug/1646559/comments/6 Seems like a probable solution.

On that note, if anyone can mount the writable portion of the SD card, then does that give them access to the data by importing an ssh key?