Skip to content

Switch to authorized keys for image login#124

Open
alexhulbert wants to merge 1 commit intomainfrom
ah/simple-ssh
Open

Switch to authorized keys for image login#124
alexhulbert wants to merge 1 commit intomainfrom
ah/simple-ssh

Conversation

@alexhulbert
Copy link
Copy Markdown
Member

@alexhulbert alexhulbert commented Mar 18, 2026

Currently, devtools images can't be safely used in situations where they are accessible over the public internet. This is for a few reasons:

  • The devtools images allow password-based root login
  • The devtools images allow logging in over the serial console

The current L2 merge branch works around this by creating custom modules that disable these two features. However, this works around functionality that shouldn't be enabled by default in the first place.

This PR disables password-based root login and the serial console in devtools images (there is no passwd entry for root, so it will never allow any login even if someone somehow managed to get a login prompt). This means that the only way to log in to a devtools image is via injecting an authorized_keys file into the image.

To make this injection easier, the PR also allows you to add an authorized_keys file to mkosi.profiles/devtools. It will inject this file for you automatically into dev builds. This file is gitignored too, so you don't need to worry about committing it.

To enable the original serial console / password-based login functionality, you can add SERIAL_CONSOLE=true to the end of a make build-dev command.

@alexhulbert alexhulbert mentioned this pull request Mar 18, 2026
Merged
@0x416e746f6e
Copy link
Copy Markdown
Member

0x416e746f6e commented Mar 18, 2026

To make this injection easier, the PR also allows you to add an authorized_keys file to mkosi.profiles/devtools

I think this breaks reproducibility of the build.

@alexhulbert
Copy link
Copy Markdown
Member Author

alexhulbert commented Mar 18, 2026

@0x416e746f6e It doesn't break reproducibility since it only injects the key into dev images, similar to how the Yocto tooling worked.

@0x416e746f6e
Copy link
Copy Markdown
Member

0x416e746f6e commented Mar 19, 2026
edited
Loading

It doesn't break reproducibility since it only injects the key into dev images, similar to how the Yocto tooling worked.

i.d.k. whether how yocto worked holds an argument here. but dev images are also images, and injecting arbitrary files into them at build-time will cause them to be different from one another, hence will break reproducibility. throwing that away just for the sake of allowing ssh access to the dev VM is too much i.m.o.

there are multiple ways to allow SSH access into dev VMs while still keeping the images reproducibly buildable. l2 is using one of them, but there are definitely others available too.

Base automatically changed from trunk/l2-merge-main to main March 19, 2026 15:28
@alexhulbert alexhulbert requested review from 0x416e746f6e and removed request for 0x416e746f6e April 8, 2026 21:03
@alexhulbert
Copy link
Copy Markdown
Member Author

alexhulbert commented Apr 8, 2026

@0x416e746f6e Does this work for you? Now the PR just disables root login and serial console by default, so you don't need those patches

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@0x416e746f6e 0x416e746f6e Awaiting requested review from 0x416e746f6e

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alexhulbert @0x416e746f6e