agama-project · mchf · Mar 15, 2026 · Mar 12, 2026 · Mar 12, 2026 · Mar 12, 2026
diff --git a/rust/agama-lib/share/profile.schema.json b/rust/agama-lib/share/profile.schema.json
@@ -707,6 +707,13 @@
         "hashedPassword": {
           "title": "Flag for hashed password (true) or plain text password (false or not defined)",
           "type": "boolean"
+        },
+        "sshPublicKeys": {
+          "title": "List of SSH public keys",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
         }
       },
       "required": ["fullName", "userName", "password"]
@@ -727,6 +734,13 @@
         "sshPublicKey": {
           "title": "SSH public key",
           "type": "string"
+        },
+	"sshPublicKeys": {
+          "title": "List of SSH public keys",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
         }
       }
     },

diff --git a/rust/agama-users/src/model.rs b/rust/agama-users/src/model.rs
@@ -128,7 +128,18 @@ impl Model {
             )));
         }
 
-        self.set_user_group(user_name)?;
+        if let Some(ssh_keys) = &user.ssh_public_keys {
+            // TODO:
+            // 1) enable sshd & open port as in case of root or not?
+            // 2) do some magic about user's home dir path or stay
+            // with hardcoded default?
+            self.update_authorized_keys(
+                &PathBuf::from(format!("/home/{}/.ssh", user_name)),
+                &ssh_keys.iter().collect::<Vec<&String>>(),
+            )?;
+        }
+
+        let _ = self.set_user_group(user_name);
         self.set_user_password(user_name, user_password)?;
         self.update_user_fullname(user)
     }
@@ -145,8 +156,18 @@ impl Model {
         }
 
         // store ssh key for root if any
+        let mut ssh_keys = if let Some(ssh_keys) = &root.ssh_public_keys {
+            ssh_keys.iter().collect::<Vec<&String>>()
+        } else {
+            vec![]
+        };
+        // for historical reason and backward compatibility. Originally
+        // there was at most one public SSH key for the root
         if let Some(ref root_ssh_key) = root.ssh_public_key {
-            self.update_authorized_keys(root_ssh_key)?;
+            // TODO: deal with possible duplicates?
+            ssh_keys.push(root_ssh_key);
+
+            self.update_authorized_keys(&PathBuf::from("root/.ssh/authorized_keys"), &ssh_keys)?;
             self.enable_sshd_service()?;
             self.open_ssh_port()?;
         }
@@ -210,9 +231,13 @@ impl Model {
     }
 
     /// Updates root's authorized_keys file with SSH key
-    fn update_authorized_keys(&self, ssh_key: &str) -> Result<(), service::Error> {
+    fn update_authorized_keys(
+        &self,
+        keys_path: &PathBuf,
+        ssh_keys: &[&String],
+    ) -> Result<(), service::Error> {
         let mode = 0o644;
-        let file_name = self.install_dir.join("root/.ssh/authorized_keys");
+        let file_name = self.install_dir.join(keys_path);
         let mut authorized_keys_file = OpenOptions::new()
             .create(true)
             .append(true)
@@ -223,9 +248,12 @@ impl Model {
         // sets mode also for an existing file
         fs::set_permissions(&file_name, Permissions::from_mode(mode))?;
 
-        writeln!(authorized_keys_file, "{}", ssh_key.trim())?;
-
-        Ok(())
+        ssh_keys
+            .iter()
+            .try_for_each(|ssh_key| -> Result<(), service::Error> {
+                writeln!(authorized_keys_file, "{}", ssh_key.trim())?;
+                Ok(())
+            })
     }
 
     /// Enables sshd service in the target system

diff --git a/rust/agama-utils/src/api/users/config.rs b/rust/agama-utils/src/api/users/config.rs
@@ -83,6 +83,9 @@ pub struct FirstUserConfig {
     /// First user's username
     #[merge(strategy = merge::option::overwrite_none)]
     pub user_name: Option<String>,
+    #[merge(strategy = merge::option::overwrite_none)]
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub ssh_public_keys: Option<Vec<String>>,
 }
 
 impl FirstUserConfig {
@@ -140,6 +143,9 @@ pub struct RootUserConfig {
     #[merge(strategy = merge::option::overwrite_none)]
     #[serde(skip_serializing_if = "Option::is_none")]
     pub ssh_public_key: Option<String>,
+    #[merge(strategy = merge::option::overwrite_none)]
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub ssh_public_keys: Option<Vec<String>>,
 }
 
 impl RootUserConfig {
@@ -156,6 +162,10 @@ impl RootUserConfig {
             return false;
         }
 
+        if self.ssh_public_keys.as_ref().is_some_and(|k| !k.is_empty()) {
+            return false;
+        }
+
         true
     }
 }
@@ -242,6 +252,16 @@ mod test {
             ..Default::default()
         };
         assert!(!root_with_ssh_key_config.is_empty());
+
+        let root_with_ssh_keys = RootUserConfig {
+            ssh_public_keys: Some(vec!["12345678".to_string()]),
+            ..Default::default()
+        };
+        let root_with_ssh_keys_config = Config {
+            root: Some(root_with_ssh_keys),
+            ..Default::default()
+        };
+        assert!(!root_with_ssh_keys_config.is_empty());
     }
 
     #[test]
@@ -255,6 +275,7 @@ mod test {
                 password: "12345678".to_string(),
                 hashed_password: false,
             }),
+            ssh_public_keys: None,
         };
         assert!(valid_user.is_valid());
 
@@ -265,6 +286,7 @@ mod test {
                 password: "12345678".to_string(),
                 hashed_password: false,
             }),
+            ssh_public_keys: None,
         };
         assert!(!empty_user_name.is_valid());
 
@@ -275,6 +297,7 @@ mod test {
                 password: "12345678".to_string(),
                 hashed_password: false,
             }),
+            ssh_public_keys: None,
         };
         assert!(!empty_full_name.is_valid());
 
@@ -285,7 +308,19 @@ mod test {
                 password: "".to_string(),
                 hashed_password: false,
             }),
+            ssh_public_keys: None,
         };
         assert!(!empty_password.is_valid());
+
+        let with_ssh_keys = FirstUserConfig {
+            user_name: Some("firstuser".to_string()),
+            ssh_public_keys: Some(vec!["12345678".to_string()]),
+            ..Default::default()
+        };
+        let with_ssh_keys_config = Config {
+            first_user: Some(with_ssh_keys),
+            ..Default::default()
+        };
+        assert!(!with_ssh_keys_config.is_empty());
     }
 }
diff --git a/service/lib/agama/autoyast/root_reader.rb b/service/lib/agama/autoyast/root_reader.rb
@@ -46,8 +46,7 @@ def read
           hsh["hashedPassword"] = true if password.value.encrypted?
         end
 
-        public_key = root_user.authorized_keys.first
-        hsh["sshPublicKey"] = public_key if public_key
+        hsh = hsh.merge(setup_ssh(root_user))
 
         return {} if hsh.empty?
 
@@ -66,6 +65,17 @@ def config
         result = reader.read
         @config = result.config
       end
+
+      def setup_ssh(root_user)
+        hsh = {}
+
+        public_key = root_user.authorized_keys.first
+
+        hsh["sshPublicKey"] = public_key if public_key
+        hsh["sshPublicKeys"] = root_user.authorized_keys if !root_user.authorized_keys.empty?
+
+        hsh
+      end
     end
   end
 end
diff --git a/service/lib/agama/autoyast/user_reader.rb b/service/lib/agama/autoyast/user_reader.rb
@@ -37,17 +37,16 @@ def read
         user = config.users.find { |u| !u.system? && !u.root? }
         return {} unless user
 
-        hsh = {
-          "userName" => user.name,
-          "fullName" => user.gecos.first.to_s
-        }
+        hsh = basic_user_info(user)
 
         password = user.password
         if password
           hsh["password"] = password.value.to_s
           hsh["hashedPassword"] = true if password.value.encrypted?
         end
 
+        hsh["sshPublicKeys"] = user.authorized_keys if !user.authorized_keys.empty?
+
         { "user" => hsh }
       end
 
@@ -63,6 +62,13 @@ def config
         result = reader.read
         @config = result.config
       end
+
+      def basic_user_info(user)
+        {
+          "userName" => user.name,
+          "fullName" => user.gecos.first.to_s
+        }
+      end
     end
   end
 end
diff --git a/service/test/agama/autoyast/root_reader_test.rb b/service/test/agama/autoyast/root_reader_test.rb
@@ -71,7 +71,9 @@
       it "includes a 'root' key with the root user data" do
         root = subject.read["root"]
         expect(root).to eq(
-          "password" => "123456", "sshPublicKey" => "ssh-key 1"
+          "password"      => "123456",
+          "sshPublicKey"  => "ssh-key 1",
+          "sshPublicKeys" => ["ssh-key 1", "ssh-key 2"]
         )
       end