From 6f69e2c0b7a126344bdd5048867e9b7076d92233 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Wed, 2 Jun 2021 18:57:40 +0100 Subject: [PATCH] sshkeys: Require an option to set ssh keys for a non-ssh: acocunt Signed-off-by: Ian Jackson --- src/bin/otter.rs | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/bin/otter.rs b/src/bin/otter.rs index 10d6333b..1a2e181d 100644 --- a/src/bin/otter.rs +++ b/src/bin/otter.rs @@ -6,7 +6,6 @@ pub type MgmtChannel = ClientMgmtChannel; -// xxx ssh keys: need a force option to set key for non ssh: account // xxx make default account be ssh:: rather than unix:: if we are passed --ssh use otter::imports::*; @@ -2004,6 +2003,7 @@ mod set_ssh_keys { #[derive(Default,Debug)] struct Args { add: bool, + allow_non_ssh: bool, remove_current: bool, keys: String, } @@ -2014,6 +2014,9 @@ mod set_ssh_keys { ap.refer(&mut sa.add) .add_option(&["--add"],StoreTrue, "add keys, only (ie, leave all existing keys)"); + ap.refer(&mut sa.allow_non_ssh) + .add_option(&["--allow-non-ssh-account"],StoreTrue, + "allow settings ssh key access for a non-ssh: account"); ap.refer(&mut sa.remove_current) .add_option(&["--allow-remove-current"],StoreTrue, "allow removing the key currently being used for access"); @@ -2032,6 +2035,11 @@ mod set_ssh_keys { if ! ma.account.subaccount.is_empty() { throw!(ME::NoSshKeysForSubaccount); } + let is_ssh_account = matches!(ma.account.scope, AS::Ssh{..}); + if ! (args.allow_non_ssh || is_ssh_account) { + throw!(anyhow!("not setting ssh keys for non-ssh: account; \ + use --allow-non-ssh-account to override")); + } conn.prep_access_account(&ma, false)?; -- 2.30.2