obel1x/fedora-OEMDRV
0
0
Fork 1
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

SSH Key storage on IPA and Bugfix when Config is already existing #35

Merged
obel1x merged 2 commits from unbrot/fedora-OEMDRV:main into main 2026-06-17 15:44:31 +02:00
Conversation 0 Commits 2 Files Changed 2
+105
obel1x commented 2026-06-17 15:44:21 +02:00
Owner
Copy Link
Copy Source
No description provided.
obel1x added 2 commits 2026-06-17 15:44:21 +02:00
0060_ssh_key: add private key escrow via IPA vault and README a708e4fa6e 
Provisions ~/.ssh/id_ed25519 once and stores it in the FreeIPA KRA
vault so the key persists across reinstalls/new machines instead of
being regenerated each time. Guards against silently overwriting an
existing vault key on transient failures (missing ~/.ssh, vault-add
errors, ssh-keygen failures) before archiving.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
0060_ssh_key: relocate ~/.ssh into encrypted data dir, generate non-interactively 6fe96f82fd 
Symlinks ~/.ssh to ${DECRYPTEDDATADIR}/ssh_keys (migrating any existing
content once) so the key lives in the gocryptfs-encrypted area instead
of the plain home directory. Also passes -N "" to ssh-keygen so key
generation no longer prompts for a passphrase.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
obel1x merged commit 4af970dfc4 into main 2026-06-17 15:44:31 +02:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
obel1x (Daniel Pätzold)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: obel1x/fedora-OEMDRV#35
Delete Branch "unbrot/fedora-OEMDRV:main"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?