Juju needs support of rotating the juju-client-key
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Triaged
|
Medium
|
Unassigned |
Bug Description
$ juju --version
2.9.18-ubuntu-amd64
$ juju ssh-keys
Keys used in model: admin/ceph
cf:af:c7:
$ juju ssh 0 -- cat .ssh/authorized
ssh-rsa AAAAB3NzaC1yc2E
ssh-rsa AAAAB3NzaC1yc2E
Connection to 172.27.85.203 closed.
# note that we have two ssh keys here ^
$ juju remove-ssh-key ubuntu@TestKey
$ juju ssh-keys
No keys to display.
$ juju ssh 0 -- cat .ssh/authorized
ssh-rsa AAAAB3NzaC1yc2E
Connection to 172.27.85.203 closed.
# ^ juju-client-key remains
$ juju remove-ssh-key juju-client-key
cannot remove key id "juju-client-key": may not delete internal key: juju-client-key
So, in fact, there is no way to rotate this key, in case it got compromised etc.
Changed in juju: | |
milestone: | 3.1-beta1 → 3.1-rc1 |
Changed in juju: | |
milestone: | 3.1-rc1 → 3.1-rc2 |
Changed in juju: | |
milestone: | 3.1-rc2 → 3.1-rc3 |
This would be useful for existing clusters when we drop rsa2048 generation re: https:/ /bugs.launchpad .net/juju/ +bug/1974132
As it would allow the user to for example `juju rotate-ssh-key juju-client-key`