> ## Documentation Index
> Fetch the complete documentation index at: https://cloudanix.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Adding ssh keys to authorized keys

### Event Information

#### Meaning

* This event indicates that someone has added an SSH key to the authorized\_keys file, potentially granting them access to the system.
* It is important to investigate this event promptly to ensure that only authorized users have access to the cluster.
* To further investigate, you can check the authorized\_keys file in the user's home directory using the following command: `kubectl exec <pod_name> -- cat ~/.ssh/authorized_keys`

#### Remediation

* Create a Kubernetes ConfigMap containing the authorized\_keys data:
  ```
  kubectl create configmap ssh-keys --from-file=authorized_keys=authorized_keys_file
  ```

* Create a Kubernetes Pod manifest file to run a Python script using the Kubernetes API to add the SSH keys to authorized\_keys:
  ```yaml theme={null}
  apiVersion: v1
  kind: Pod
  metadata:
    name: ssh-keys-remediation
  spec:
    containers:
    - name: ssh-keys-remediation
      image: python:3
      command: ["python"]
      args: ["add_ssh_keys.py"]
      volumeMounts:
      - name: ssh-keys-volume
        mountPath: /keys
    volumes:
    - name: ssh-keys-volume
      configMap:
        name: ssh-keys
  ```

* Create a Python script (add\_ssh\_keys.py) to read the authorized\_keys from the ConfigMap and add them to the appropriate authorized\_keys file:
  ```python theme={null}
  import os

  with open('/keys/authorized_keys', 'r') as f:
      authorized_keys = f.read()

  with open('/root/.ssh/authorized_keys', 'a') as f:
      f.write(authorized_keys)
  ```
