
Make ssh keys configurable (lima issue, closed)

lima-vm commented on September 3, 2024
Make ssh keys configurable

from lima.

Comments (6)

AkihiroSuda commented on September 3, 2024

I've chosen $LIMA_HOME/_config because there seemed to be tentative agreement already in #63 on using $LIMA_HOME/_cache for the cache.

What about using instance directories ($LIMA_HOME/<INSTANCE>)?


jandubois commented on September 3, 2024

| What about using instance directories ($LIMA_HOME/<INSTANCE>)?

I don't really see a reason to use (and generate) a different identity to connect to the different instances.

But there is also a logic-flow issue: the instance directory is created by lima in response to limactl start, so there is no way to insert an authorized host entry there before the VM is spun up.

I guess you could add an entry into the limayaml file for authorized keys. I don't care much either way, but I think eventually lima will have other data to store in a _config directory anyways (e.g. preference settings), so putting a shared identity in there made sense to me.


AkihiroSuda commented on September 3, 2024

SGTM


jandubois commented on September 3, 2024

After further consideration I think we should always use an internal identity and never rely on the user's ~/.ssh.

Hypothetical situation: the user has a single key, and that gets replaced for whatever reason (key compromise, company policy to stronger keys, whatever). If the user replaces the key and doesn't have a backup, they lose all access to all running lima instances and will have to recreate them from scratch. It will also be difficult to understand why limactl shell suddenly stops working.

Not ever using ~/.ssh/*.pub also simplifies the code, reducing the chance for bugs.

@AkihiroSuda Is there any reason not to update #83 to make this change?


AkihiroSuda commented on September 3, 2024

| After further consideration I think we should always use an internal identity

SGTM 👍

| and never rely on the user's ~/.ssh.

I would prefer to use both internal identity and ~/.ssh by default so that the user can use other ssh-based programs such as rsync and sshfs with Lima without googling around how to specify the internal identity.

We can have a YAML field like ssh.loadDotSSHPubKeys: false to optionally disable ~/.ssh if there is a concern.


jandubois commented on September 3, 2024

| We can have a YAML field like ssh.loadDotSSHPubKeys: false to optionally disable ~/.ssh if there is a concern.

I don't see a reason why that would be needed. Adding the ~/.ssh/*.pub keys should be fine, as long as there is always also an independent lima identity included, so the instances remain accessible, regardless of what happens to the user-managed keys.

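The policy the thread converges on (a mandatory Lima-managed identity that is always installed, with the user's ~/.ssh/*.pub keys added on top unless opted out) as an added Go sketch; this is not Lima's own code, and the function names, the userPubFiles parameter and the loadDotSSHPubKeys flag (named after the proposed ssh.loadDotSSHPubKeys field) are assumptions.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"strings"
)

// pubKeyID returns "<type> <blob>" for a valid authorized_keys line ("<type> <base64> [comment]")
// and "" otherwise. OpenSSH key blobs begin with a length-prefixed copy of the type string,
// so junk lines and pasted private-key material fail the check; the comment is dropped for dedup.
func pubKeyID(line string) string {
	f := strings.Fields(line)
	if len(f) < 2 {
		return ""
	}
	blob, err := base64.StdEncoding.DecodeString(f[1])
	if err != nil || len(blob) < 4 {
		return ""
	}
	if n := binary.BigEndian.Uint32(blob); uint64(n) > uint64(len(blob)-4) || string(blob[4:4+n]) != f[0] {
		return ""
	}
	return f[0] + " " + f[1]
}

// AuthorizedKeys builds the authorized_keys lines for a new instance. The Lima-managed identity
// is mandatory and always first, so the instance stays reachable whatever happens to the user's
// own keys; userPubFiles (contents of ~/.ssh/*.pub, read by the caller) is consulted only when
// loadDotSSHPubKeys is set, and a bad user key is skipped rather than fatal.
func AuthorizedKeys(internalPub string, userPubFiles []string, loadDotSSHPubKeys bool) ([]string, error) {
	id := pubKeyID(internalPub)
	if id == "" {
		return nil, errors.New("internal identity public key is missing or malformed")
	}
	keys, seen := []string{strings.Join(strings.Fields(internalPub), " ")}, map[string]bool{id: true}
	if !loadDotSSHPubKeys {
		return keys, nil
	}
	for _, data := range userPubFiles {
		for _, line := range strings.Split(data, "\n") {
			if id := pubKeyID(line); id != "" && !seen[id] {
				seen[id] = true
				keys = append(keys, strings.Join(strings.Fields(line), " ")) // whitespace normalized
			}
		}
	}
	return keys, nil
}
```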
