From 778abdbfa132e31bb5abcbf684e07524e99c01ad Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 17 Apr 2024 21:56:41 +0200 Subject: [PATCH] doc: fix .ssh credential examples Let's create the .ssh dir with the right perms first. Suggested by @gcb. Fixes: #28172 --- docs/CREDENTIALS.md | 2 +- man/tmpfiles.d.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/CREDENTIALS.md b/docs/CREDENTIALS.md index 070ef42cf0f..9b27b541cf1 100644 --- a/docs/CREDENTIALS.md +++ b/docs/CREDENTIALS.md @@ -451,7 +451,7 @@ qemu-system-x86_64 \ -device scsi-hd,drive=hd,bootindex=1 \ -device vhost-vsock-pci,id=vhost-vsock-pci0,guest-cid=42 \ -smbios type=11,value=io.systemd.credential:vmm.notify_socket=vsock:2:1234 \ - -smbios type=11,value=io.systemd.credential.binary:tmpfiles.extra=$(echo "f~ /root/.ssh/authorized_keys 600 root root - $(ssh-add -L | base64 -w 0)" | base64 -w 0) + -smbios type=11,value=io.systemd.credential.binary:tmpfiles.extra=$(echo -e "d /root/.ssh 0750 root root -\nf~ /root/.ssh/authorized_keys 0600 root root - $(ssh-add -L | base64 -w 0)" | base64 -w 0) ``` A process on the host can listen for the notification, for example: diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml index 0aabfa625ae..dc8fea23ddb 100644 --- a/man/tmpfiles.d.xml +++ b/man/tmpfiles.d.xml @@ -868,7 +868,7 @@ e! /var/cache/krb5rcache - - - 0 Provision SSH public key access for root user via Credentials in QEMU - -smbios type=11,value=io.systemd.credential.binary:tmpfiles.extra=$(echo "f~ /root/.ssh/authorized_keys 700 root root - $(ssh-add -L | base64 -w 0)" | base64 -w 0) + -smbios type=11,value=io.systemd.credential.binary:tmpfiles.extra=$(echo -e "d /root/.ssh 0750 root root -\nf~ /root/.ssh/authorized_keys 0600 root root - $(ssh-add -L | base64 -w 0)" | base64 -w 0) By passing this line to QEMU, the public key of the current user will be encoded in base64, added -- 2.47.3