From 56c17941fecdd92875b1b3377a65a32a3be6617c Mon Sep 17 00:00:00 2001
From: Stephen Fox
Date: Thu, 28 Feb 2019 10:54:14 -0500
Subject: [PATCH] Added comment to authorized_keys 'sed' calls per review.
---
 common/step_cleanup_temp_keys.go | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/common/step_cleanup_temp_keys.go b/common/step_cleanup_temp_keys.go
index 74b528a80..56ca700aa 100644
--- a/common/step_cleanup_temp_keys.go
+++ b/common/step_cleanup_temp_keys.go
@@ -38,6 +38,22 @@ func (s *StepCleanupTempKeys) Run(_ context.Context, state multistep.StateBag) m
 
 ui.Say("Trying to remove ephemeral keys from authorized_keys files")
 
+ // Per the OpenSSH manual (https://man.openbsd.org/sshd.8), a typical
+ // line in the 'authorized_keys' file contains several fields that
+ // are delimited by spaces. Here is an (abbreviated) example of a line:
+ // ssh-rsa AAAAB3Nza...LiPk== user@example.net
+ //
+ // In the above example, 'ssh-rsa' is the key pair type,
+ // 'AAAAB3Nza...LiPk==' is the base64 encoded public key,
+ // and 'user@example.net' is a comment (in this case, describing
+ // who the key belongs to).
+ //
+ // In the following 'sed' calls, the comment field will be equal to
+ // the value of communicator.Config.SSHTemporaryKeyPairName.
+ // We can remove an authorized public key using 'sed' by looking
+ // for a line ending in ' packer-key-pair-comment' (note the
+ // leading space).
+ //
 // TODO: Why create a backup file if you are going to remove it?
 cmd.Command = fmt.Sprintf("sed -i.bak '/ %s$/d' ~/.ssh/authorized_keys; rm ~/.ssh/authorized_keys.bak", s.Comm.SSHTemporaryKeyPairName)
 if err := cmd.StartWithUi(comm, ui); err != nil {
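Review bot: The new comment explains the ` <name>$` match but not that `s.Comm.SSHTemporaryKeyPairName` is interpolated verbatim into a sed regular expression inside a single-quoted shell string, both in the `cmd.Command` line right below it and in the `sudo sed` call for /root in the next hunk. If that name could ever contain regex metacharacters, `/` or `'` (how it is generated is not visible here), the expression could delete unrelated entries from authorized_keys or break the quoting. I would add a line such as `// NOTE: the key pair name is used unescaped as a sed pattern; it must not contain regex or shell metacharacters.` and say that ' packer-key-pair-comment' is only an illustrative value. The comment could also answer the TODO beneath it: an explicit suffix on `-i` is what BSD sed requires, so `-i.bak` followed by `rm` appears to be the portable form. Run's body starts and ends outside the hunk.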
@@ -45,7 +61,6 @@ func (s *StepCleanupTempKeys) Run(_ context.Context, state multistep.StateBag) m
 }
 cmd = new(packer.RemoteCmd)
 cmd.Command = fmt.Sprintf("sudo sed -i.bak '/ %s$/d' /root/.ssh/authorized_keys; sudo rm /root/.ssh/authorized_keys.bak", s.Comm.SSHTemporaryKeyPairName)
-
 if err := cmd.StartWithUi(comm, ui); err != nil {
 log.Printf("Error cleaning up /root/.ssh/authorized_keys; please clean up keys manually: %s", err)
 }