Skip to content

Commit

Permalink
machine: Remove install-time ssh key for podman bundles
Browse files Browse the repository at this point in the history 
Podman bundles have a ~/.ssh/authorized_keys.d/ignition file which is currently
not removed. This means it's always possible to connect to the crc VM with the
default bundle ssh key even after we added a new random key to the instance.

This commit removes this file to close this small hole.
  • Loading branch information
@cfergeau @praveenkumar
cfergeau authored and praveenkumar committed Jun 16, 2022
1 parent 239a429 commit 6add9ad
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion pkg/crc/machine/start.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -630,7 +630,10 @@ func updateSSHKeyPair(sshRunner *crcssh.Runner) error {
if err != nil {
return err
}
return err

/* This is specific to the podman bundle, but is required to drop the 'default' ssh key */
_, _, _ = sshRunner.Run("rm", "/home/core/.ssh/authorized_keys.d/ignition")
return nil
}

func copyKubeconfigFileWithUpdatedUserClientCertAndKey(selfSignedCAKey *rsa.PrivateKey, selfSignedCACert *x509.Certificate, srcKubeConfigPath, dstKubeConfigPath string) error {
Expand Down

0 comments on commit 6add9ad

Please sign in to comment.