Public bug reported:
Binary package hint: network-console
Hi,
I have a compelling use case that necessitates using the network-console
during the install but requires that the method of authentication is
done by public key/authorized keys instead of by means of passing a
password to the machine in debconf preseeding.
Instead of taking a messy approach of writing in support in an early or
late command, I have written a patch that adds this support to Debian-
Installer.
Attached to this bug is a debdiff patch to the network-console source
package that adds public key/authorized keys support to network-console.
If network-console is included in the Debian-Installer initrd, not a
requirement for this patch's inclusion, it will create a menu item
shortly after the network has been configured and ask for some some
additional authentication information. The debconf question priorities
are reasonable, so little interference is to be expected; and again,
this will only affect installers that have explicitly included the
network-console udeb in Debian-Installer, which means only people who
have manually rebuilt Debian-Installer.
The exact character of the changes is that an additional debconf
question is asked that inquires if there is an URL from which to
download a list of public keys that the network-console is to allow. The
reason that I took this approach instead of merely providing a freetext
debconf field is that this decouples the key from debconf, and it
results in cleaner preseed files. Not only that, it allows the
enterprising systems engineer to write a HTTP dispatcher that can
dynamically determine which public keys the to-be-installed machine
accepts.
This is probably most useful to systems administrators and engineers who
are engaging in mass- and remote-deployment applications of Ubuntu
server and workstation.
I have tested this out with the latest Debian-Installer, and everything
appears to work as expected. I plan on submitting this upstream into
Debian within the next few weeks. Since the code freeze for the Hardy
Heron release is fast I approaching, I am submitting this patch to
Ubuntu first in hopes that it can be ushered in very quickly. I will be
working with my friends involved with Debian project to get this
included in the near future to keep the amount of delta between the two
projects low.
I have even included internationalization support in the new things that
I have added.
Let me know if you have any questions. Let's do what we can to get this
incorporated relatively quickly.
Cheers,
Matt
** Affects: network-console (Ubuntu)
Importance: Undecided
Status: New
--
Provide Support for Public Key/Authorized Keys-based Authentication When
Password Seeding in Preseed is Undesirable
https://bugs.launchpad.net/bugs/184108
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
