man: add example with one-liner for ssh provisioning via tmpfiles.d + Creds

author Luca Boccassi <bluca@debian.org>

Thu, 8 Sep 2022 15:27:52 +0000 (16:27 +0100)

committer Luca Boccassi <bluca@debian.org>

Thu, 8 Sep 2022 15:27:52 +0000 (16:27 +0100)
author Luca Boccassi <bluca@debian.org>
Thu, 8 Sep 2022 15:27:52 +0000 (16:27 +0100)
committer Luca Boccassi <bluca@debian.org>
Thu, 8 Sep 2022 15:27:52 +0000 (16:27 +0100)
diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml

index 04617bc532671d60377db0b62ea443027f68ed2c..15785d1bf2a2913379b577de04b1a5689fe0f1fe 100644 (file)
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -826,6 +826,19 @@ e! /var/cache/krb5rcache - - - 0
        will be removed on boot. The directory will not be created.
        </para>
      </example>
+
+    <example>
+      <title>Provision SSH public key access for root user via Credentials in QEMU</title>
+
+      <programlisting>-smbios type=11,value=io.systemd.credential.binary:tmpfiles.extra=$(echo "f~ /root/.ssh/authorized_keys 700 root root - $(ssh-add -L | base64 -w 0)" | base64 -w 0)
+</programlisting>
+
+      <para>By passing this line to QEMU, the public key of the current user will be encoded in
+      base64, added to a tmpfiles.d line that tells systemd-tmpfiles to decode it into
+      <filename>/root/.ssh/authorized_keys</filename>, encode that line itself in base64 and
+      pass it as a Credential that will be picked up by systemd from SMBIOS on boot.
+      </para>
+    </example>
    </refsect1>
  
    <refsect1>
author	Luca Boccassi <bluca@debian.org>
	Thu, 8 Sep 2022 15:27:52 +0000 (16:27 +0100)
committer	Luca Boccassi <bluca@debian.org>
	Thu, 8 Sep 2022 15:27:52 +0000 (16:27 +0100)