Store users' keys below /cfg Our rootfs is read-only while /cfg is intended to be preserved across updates. So the root's key is expected at /cfg/ssh-user-auth/root, for example. Change-Id: Idde1c5dba83ee648a779b56531e8a3d39847f84e

commit: 86665c4dbff8318fff3c535e3052507c839ac25a [log] [tgz]
author: Jan Kundrát <jan.kundrat@cesnet.cz> Wed Jun 06 13:38:22 2018 +0200
committer: Jan Kundrát <jan.kundrat@cesnet.cz> Wed Jun 06 13:38:22 2018 +0200
tree: 470c24bead92580ea33c4c64bc1fc13a1d26aa57
parent: bc1236c6fed91500bea0cb642e495e302431d2c3 [diff]
diff --git a/package/czechlight-cfg-fs/czechlight-cfg-fs.mk b/package/czechlight-cfg-fs/czechlight-cfg-fs.mk
index c774691..a598682 100644
--- a/package/czechlight-cfg-fs/czechlight-cfg-fs.mk
+++ b/package/czechlight-cfg-fs/czechlight-cfg-fs.mk

@@ -42,4 +42,10 @@
 	$(endif)
 endef
 
+# Configure OpenSSH to look for *user* keys in the /cfg
+define CZECHLIGHT_CFG_FS_OPENSSH_AUTH_PATH_PATCH
+	$(SED) 's|^AuthorizedKeysFile.*|AuthorizedKeysFile /cfg/ssh-user-auth/%u|' $(TARGET_DIR)/etc/ssh/sshd_config
+endef
+OPENSSH_POST_INSTALL_TARGET_HOOKS += CZECHLIGHT_CFG_FS_OPENSSH_AUTH_PATH_PATCH
+
 $(eval $(generic-package))
commit	86665c4dbff8318fff3c535e3052507c839ac25a	[log] [tgz]
author	Jan Kundrát <jan.kundrat@cesnet.cz>	Wed Jun 06 13:38:22 2018 +0200
committer	Jan Kundrát <jan.kundrat@cesnet.cz>	Wed Jun 06 13:38:22 2018 +0200
tree	470c24bead92580ea33c4c64bc1fc13a1d26aa57
parent	bc1236c6fed91500bea0cb642e495e302431d2c3 [diff]