I have to say I am surprised by the behavior on Ubuntu Core, as there is no further notice or warning at or after the email prompt.Īs a side note: I recently activated two-factor authentication for my Ubuntu One account. Can the credentials within ~/.snap/auth.json be used to authenticate with snapcraft?.As I have given these devices to others, should I be concerned that my account is compromised?.How can I be authenticated with the snap store on these devices when I never entered any credentials? The only thing I can think of would be some authentication using the private SSH key on my workstation when I connected to the device over SSH the first time.I verified it on one of my Ubuntu Core devices by running snap whoami and checking whether ~/.snap/auth.json exists. However, I recently stumbled across a post within this forum (I think it was by Oliver Grawert) stating that setting up an Ubuntu Core device this way also logs you into the snap command as if you would manually call snap login.
The SSH key and the Ubuntu One username are both publicly available information on Launchpad.
#Snap login install#
install and configure the necessary snapsĪs this process never asks for my Ubuntu One password, I thought this only fetches the SSH keys and creates a local user named the same as my Ubuntu One username.enter my email address during setup to fetch and install my SSH key automatically.Over the years, I also have set up multiple Ubuntu Core 18 and 20 devices using the “prebuild” images provided by Canonical in the following way: To release or modify anything within the store, you have to use snapcraft and snapcraft login. The snap login only allows to “consume” snaps that are already released in the store. These “logins” are independent of each other.
0 kommentar(er)
