proposal: warn on duplicated ssh-keys #257

open

opened by

boltless.me 2 months ago

Currently tangled quietly expects ssh-keys to be unique to each users. Which leads to some unexpected "access denied" on git push like reported on discord.

We can solve this in two ways.

1. appview side fix: force user to set unique ssh-key on register#

Basically telling user "your ssh-key is already used by @otheruser.com"

2. knot side fix: check for all existing users with same ssh-key#

Allow users to share same ssh-key between multiple accounts and warn when authority collides.

access denied for user @otheruser.com

same ssh-key is used by @you.com who has access to this repository.
Please set unique ssh-key for each accounts.

anirudh.fi 2mo ago

I'm more inclined towards 1. It's reasonable to enforce unique ssh key per user. And it's good hygeine.

cdbrdr.com 18d ago

How can I recover after this has happened? I initially created a <user>.tngl.sh account to test with, added my SSH key and later on started running my own PDS. On my new user I added the same SSH key and recently I noticed I get "access denied" on the computer that has this key. After realizing what's going on I logged into the old account, removed the SSH key and when that didn't work I even removed and added it back on my new one.

What's concerning is that even though I have removed the SSH key from the original account I'm still identified with that DID when I test it with ssh git@tangled.org. Is it impossible to delete an SSH key from an account?

Labels

None yet.

area

None yet.

assignee

None yet.

Participants 3

AT URI

at://did:plc:xasnlahkri4ewmbuzly2rlc5/sh.tangled.repo.issue/3m2ltngqirp22