change update-ssh-keys to not clobber ~core/.ssh/authorized_keys

[Darren S]

So I've figured out that you really shouldn't touch ~core/.ssh/authorized_keys because update-ssh-keys clobbers that file on subsequent runs.  Would anyone be opposed if I put in a PR to slightly change that behaviour?  Heres what I propose.

When reading ~/.ssh/authorized_keys.d/* the content of the those files will get "#update-ssh-keys" appended to the end of the line.  Authorized_keys would look like

ssh-rsa AAAAB3Nz...Cp mykey #update-ssh-keys

When generating the authorized_keys on subsequent runs I'd then strip all lines with #update-ssh-keys and then add in the contents from ~core/.ssh/authorized_keys.  I'm pretty sure I can put a '#' in the middle of the line.  If not, then just do a '#start update-ssh-keys'  and '#end update-ssh-keys' line then.

Darren

[Alex Polvi]

Darren, yes! We would definitely take that PR. Thank you. 

-Alex

[Mohammad Nasirifar]

It's been quite some time since this has been brought up and I am observing this behavior in 835.12.0(stable) as I am typing this. 

[Alex Crawford]

Do not modify the authorized_keys file directly. Instead, add your keys to a file under authorized_keys.d and run update-ssh-keys.

-Alex

---

From: Mohammad Nasirifar
Sent: ‎3/‎4/‎2016 23:15
To: CoreOS Dev
Subject: Re: change update-ssh-keys to not clobber ~core/.ssh/authorized_keys