[ux] juju does not add an ssh key to a per-model cache when a bundle is deployed to a model created by somebody else

Bug #1816421 reported by Dmitrii Shcherbakov
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Canonical Juju
Triaged
Low
Unassigned

Bug Description

Juju does not add an ssh public key from your local client's directory (.local/share/juju/ssh/id_rsa.pub) to a per-model cache when deploying to a model created by somebody else.

This is more of a UX request, consider the following:

1) an admin creates a model for you and gives you rw rights on it;
2) you login to the target controller (via Candid in my case);
3) switch to the created model;
4) you can deploy to this model but `juju ssh` fails as your key was not imported;
5) then you do `juju add-ssh-key "key-from-local-share-juju-ssh-id_rsa.pub"` and now you can ssh there.

The first impression when you encounter an authentication error is that Juju did something wrong when importing keys.

If you know that `juju run` allows you to do `cat .ssh/authorized_keys` you may be able to figure it out but this is far from obvious for a novice user who is likely to be a consumer of a model (e.g. in the JAAS use-case).

description: updated
Revision history for this message
Richard Harding (rharding) wrote :

This falls a bit under future work to make ssh keys per user and to allow ssh access as a permission level change.

It's not intended for model access to necessarily allow ssh access.

We should be making the access more explicit in the future work e.g.

juju ssh ...
ERROR: user x does not have model ssh access

See:
https://bugs.launchpad.net/juju/+bug/1629835

Changed in juju:
status: New → Triaged
importance: Undecided → Medium
description: updated
Revision history for this message
Canonical Juju QA Bot (juju-qa-bot) wrote :

This bug has not been updated in 2 years, so we're marking it Low importance. If you believe this is incorrect, please update the importance.

Changed in juju:
importance: Medium → Low
tags: added: expirebugs-bot
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.