improve cert-signing ux

2026-01-19 17:57:15 +01:00
parent 512177cab0
commit 2af7ff85c1
3 changed files with 30 additions and 21 deletions
--- a/cmd/dkl-local-server/ssh-secrets.go
+++ b/cmd/dkl-local-server/ssh-secrets.go
@ -156,28 +156,25 @@ func sshCASign(cluster string, userPubKey []byte, principal, validity string, op
 		return
 	}

-	_, identity, _, _, err := ssh.ParseAuthorizedKey(userPubKey)
+	pubkey, identity, _, _, err := ssh.ParseAuthorizedKey(bytes.TrimSpace(userPubKey))
 	if err != nil {
 		return
 	}

+	ak := ssh.MarshalAuthorizedKey(pubkey)
+
 	userPubKeyFile, err := os.CreateTemp("/tmp", "user.pub")
 	if err != nil {
 		return
 	}
 	defer os.Remove(userPubKeyFile.Name())

-	_, err = io.Copy(userPubKeyFile, bytes.NewBuffer(userPubKey))
+	_, err = io.Copy(userPubKeyFile, bytes.NewBuffer(ak))
 	userPubKeyFile.Close()
 	if err != nil {
 		return
 	}

-	err = os.WriteFile(userPubKeyFile.Name(), userPubKey, 0600)
-	if err != nil {
-		return
-	}
-
 	serial := strconv.FormatInt(time.Now().Unix(), 10)
 	cmd := exec.Command("ssh-keygen", "-q", "-s", "/dev/stdin", "-I", identity, "-z", serial, "-n", principal)