As a standard security practice, I maintain unique SSH private keys per machine. I have added the new work laptop SSH key to LDAP, but overlay doesn't seem to consult with it. Please add overlay access to the leio@daedalus key in LDAP to all overlays I have relevant access to. This can be retrieved from perl_ldap -s leio on woodpecked of course. Access to the leio@martr-gentoo SSH key can be removed now as well, while at it - that key is out of my control now from my previous job work machine.
leio@martr-gentoo removed, leio@yeeloong and leio@daedalus added.
As automatic sync with LDAP still doesn't seem to be implemented, I now have the following updates: leio@daedalus can be removed - don't have that machine anymore and I shredded my content after partial backup to phoenix, but more secure to remove pubkey regardless. leio@asustmp needs to be added - this is now my current (possibly temporary, but private key would get shredded once in my hands anymore) work laptop with mostly up to date gentoo, on which I'd like to do some gnome and x11 overlays work, maybe more out of the overlays I have access to. leio@odyssey is a desktop machine that currently has broken graphics card, so out of commission - but privkey is safe in the powered off machine in the corner. Unsure if and when it gets revived; so no need to add this key immediately, but can be for the sake of synced with LDAP. stable@phoenix is a key in a chroot; no matter with that, I can also access overlays outside the chroot if needed.
(In reply to comment #2) > As automatic sync with LDAP still doesn't seem to be implemented, I now have > the following updates: > > leio@daedalus can be removed - don't have that machine anymore and I > shredded my content after partial backup to phoenix, but more secure to > remove pubkey regardless. > > leio@asustmp needs to be added - this is now my current (possibly temporary, > but private key would get shredded once in my hands anymore) work laptop > with mostly up to date gentoo, on which I'd like to do some gnome and x11 > overlays work, maybe more out of the overlays I have access to. > > leio@odyssey is a desktop machine that currently has broken graphics card, > so out of commission - but privkey is safe in the powered off machine in the > corner. Unsure if and when it gets revived; so no need to add this key > immediately, but can be for the sake of synced with LDAP. > > stable@phoenix is a key in a chroot; no matter with that, I can also access > overlays outside the chroot if needed. leio@daedalus removed leio@asustmp added stable@phoenix added
Please add leio@localhost key from LDAP (and implement LDAP sync :D). Can be named leio@orion if you don't like localhost as it was generated before hostname setting. It is my main work and gentoo development machine right now. In lack of LDAP sync I partly gave up on separate SSH keys and am reusing one of the existing ones on my ARM setups that use overlays... which is sad, but reopening this bug for each of those would get bothersome really fast.
(In reply to Mart Raudsepp from comment #4) > Please add leio@localhost key from LDAP (and implement LDAP sync :D). Can be > named leio@orion if you don't like localhost as it was generated before > hostname setting. It is my main work and gentoo development machine right > now. > > In lack of LDAP sync I partly gave up on separate SSH keys and am reusing > one of the existing ones on my ARM setups that use overlays... which is sad, > but reopening this bug for each of those would get bothersome really fast. New key added.
