Colin Watson <cjwat...@debian.org> writes: > On Fri, Jan 24, 2025 at 09:40:50AM +0100, PICCA Frederic-Emmanuel wrote: >> Hello, I would like to customize the debian-installer in order to allow root >> access once installed via an authorize key. >> >> so I need to put something like this in the /root/.ssh/ during the >> installation >> >> echo "ssh-rsa >> AAAAB3NzaC1yc2EAAAADAQABAAACAQDGkFpSsCIGpAJtsH4TWHCatHMkdGMS/PTG2M/7xeWz6Syw/JUrZPc/5bRC9H5+bikrhotZOidC+lafzGFHGmHzpq7+rXrd5Np3uHH6U+Y0O7mUeU0CVhCpkIr2ggk4Bw7K79/d6fsPXZi2h+JAZ9cBaI6ob5K6e70Ljj3REZRh7LXBVIAd1hmMPEESb5xll1MHvB/7Qn6r6uupcOY/pC/LH+ZPUaqvwXGrSltFjJoeFEW8H05uYkuZta5vBG/owdLjRt6v7h3tnINsMV4S0uKNQNz6022xAptn1FY1WQ0F1y738hTNoikITty//MB3HW3uQEpw4sXN7tEGqQtHrbMkPfcwb+KMISXYlHPaBt9ik4fWnt55U1IzXr5s/ErT6/ZCG2iPfnffuHnCVMujrUu+KcnHtF7Ux50N1QxR7+EiT6WxRDW3S6Vz0MQ6jTZdy/YryKYZtGnriFb2RwRu9Y7Df+VYfj4nKrnF3JQF9yipBLcUhpliNvByvoh7eTE8iWuVlp3GkdHotEq4okH88TtUG5DBbddGHoGpxnzi8R4sn+YvFTybywwhKgMQh0ueJ26j326AgujBDlvL3Hf6Satz/EDmwjStWGSwWQAcy+W+gfNAuRfHpyYHKDGPIJLzMfuf0vx0KLL0C55x7I4cGqOIT22RXLhhf9NFHNDi4Q== >> cardno:000500001073" > /root/.ssh/authorized_keys >> >> Is it a feature provided by d-i ? > > You can do this with preseed/late_command > (https://www.debian.org/releases/bookworm/amd64/apbs05.en.html#preseed-hooks, > and see https://www.debian.org/releases/bookworm/amd64/apb.en.html for > general advice on preseeding if you haven't used it before). Something > like this should work: > > d-i preseed/late_command string mkdir -p /target/root/.ssh; echo 'ssh-rsa > ...' >/target/root/.ssh/authorized_keys
If setting one ssh key is the only thing you want to tweak, then as Colin says, the late_command is the way to go. If you want to do more complicated things, especially if you have multiple sets of machines that need different settings applied and/or different keys preinstalled, then you might want to have a look at: https://hands.com/d-i/ which lets you specify which keys should be installed to which users, and set the local passwords etc. For example, here's a site-local default that can be (overridden based on domainname, hostname, or pretty-much any other criterion you like): https://hands.com/d-i/preseed/local/_users/default with the keys being installed from the sshkeys.* files here: https://hands.com/d-i/preseed/local/_users/ and if the machine happens to be told via DNS that it's called 'nimble' on one of my test networks, then instead it'll get these settings: https://hands.com/d-i/preseed/local/_users/_hostname/hk.hands.com/nimble HTH BTW I'm happy to answer questions about how that all works, if you think it's worth a try for your usage. Cheers, Phil. -- Philip Hands -- https://hands.com/~phil
signature.asc
Description: PGP signature
