Provide Support for Public Key/Authorized Keys-based Authentication When Password Seeding in Preseed is Undesirable
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
network-console (Ubuntu) |
Fix Released
|
Wishlist
|
Colin Watson |
Bug Description
Binary package hint: network-console
Hi,
I have a compelling use case that necessitates using the network-console during the install but requires that the method of authentication is done by public key/authorized keys instead of by means of passing a password to the machine in debconf preseeding.
Instead of taking a messy approach of writing in support in an early or late command, I have written a patch that adds this support to Debian-Installer.
Attached to this bug is a debdiff patch to the network-console source package that adds public key/authorized keys support to network-console.
If network-console is included in the Debian-Installer initrd, not a requirement for this patch's inclusion, it will create a menu item shortly after the network has been configured and ask for some some additional authentication information. The debconf question priorities are reasonable, so little interference is to be expected; and again, this will only affect installers that have explicitly included the network-console udeb in Debian-Installer, which means only people who have manually rebuilt Debian-Installer.
The exact character of the changes is that an additional debconf question is asked that inquires if there is an URL from which to download a list of public keys that the network-console is to allow. The reason that I took this approach instead of merely providing a freetext debconf field is that this decouples the key from debconf, and it results in cleaner preseed files. Not only that, it allows the enterprising systems engineer to write a HTTP dispatcher that can dynamically determine which public keys the to-be-installed machine accepts.
This is probably most useful to systems administrators and engineers who are engaging in mass- and remote-deployment applications of Ubuntu server and workstation.
I have tested this out with the latest Debian-Installer, and everything appears to work as expected. I plan on submitting this upstream into Debian within the next few weeks. Since the code freeze for the Hardy Heron release is fast I approaching, I am submitting this patch to Ubuntu first in hopes that it can be ushered in very quickly. I will be working with my friends involved with Debian project to get this included in the near future to keep the amount of delta between the two projects low.
I have even included internationaliz
Let me know if you have any questions. Let's do what we can to get this incorporated relatively quickly.
Cheers,
Matt
I'd be happy to push this into Debian for you as part of reviewing it. For translation changes, this is actually the most convenient way for me to do it.