@phrawzty
Created February 3, 2015 14:45
Tag SSH public keys to help maintain sanity

Managing multiple user accounts within the cloud-based Socorro infrastructure is a fool's errand; instead, the plan is to use a single login (role account) with multiple accepted SSH keys (one per user). These keys are managed from the Source of Truth and implanted during the node provisioning step.

In order to keep track of things, however, it will be helpful to tag the public SSH keys with an identifier of the user that possesses the associated private key. Normally this is what the "comment" field is for:

ssh-rsa <big_ol_key> [comment]

The issue here is that the "comment" section isn't exported, announced, or otherwise relevant at all from a system perspective. Instead, I propose adding a small environment variable that does the job:

environment="SSH_KEY=happyuser" ssh-rsa <big_ol_key> [comment]

This can then be used within the shell session, for example, as part of the prompt. Consider the following block from the .bashrc of user socorro:

if [ "x${SSH_KEY}" != "x" ]; then
    export PS1="[<${SSH_KEY}>\u@\h \W]\$ "
fi

Which results in:

[<happyuser>socorro@localhost ~]$
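
The following is an added example, not part of the original gist: a Python sketch of the provisioning side that renders tagged authorized_keys lines and audits a file for untagged, unsafe or duplicate tags. The function names, the tag character policy and the sample key strings are assumptions made for illustration.

```python
import re

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256")  # not exhaustive
TAG_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")  # assumed policy for user identifiers
ENV_RE = re.compile(r'environment="SSH_KEY=([^"]*)"')
OPT_RE = re.compile(r'((?:[^\s"]|"(?:\\.|[^"\\])*")+)\s+(.*)')  # options, then key

def render_line(user, pubkey):
    """Build one tagged authorized_keys line from a Source-of-Truth entry."""
    if not TAG_RE.fullmatch(user):
        # A quote, comma or space in the tag could smuggle extra options into the line.
        raise ValueError(f"unsafe tag: {user!r}")
    fields = pubkey.split()
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        raise ValueError("expected '<key type> <base64 key> [comment]'")
    return f'environment="SSH_KEY={user}" {fields[0]} {fields[1]} {user}'

def split_options(line):
    """Separate the leading options field (quotes may hide spaces) from the key."""
    if line.split()[0] in KEY_TYPES:
        return "", line
    m = OPT_RE.fullmatch(line)
    return (m.group(1), m.group(2)) if m else (line, "")

def audit(text):
    """Return (tags, problems) for the text of an authorized_keys file."""
    tags, problems = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ENV_RE.search(split_options(line)[0])  # look only at the options field
        if m is None:
            problems.append((n, "untagged key"))
        elif not TAG_RE.fullmatch(m.group(1)):
            problems.append((n, "unsafe tag"))
        elif m.group(1) in tags:  # the plan above is one key per user
            problems.append((n, "duplicate tag"))
        else:
            tags.append(m.group(1))
    return tags, problems

# Constructed sample: placeholder strings, not real key material.
SAMPLE = "\n".join([
    render_line("happyuser", "ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed1 laptop"),
    "ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed2 environment=\"SSH_KEY=fake\"",
    render_line("happyuser", "ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed3"),
])
```

sshd processes `environment=` options only when `PermitUserEnvironment` is enabled in sshd_config, and it is off by default. The sshd_config manual notes that enabling it may let users bypass access restrictions in some configurations through mechanisms such as LD_PRELOAD.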

rhelmer commented Feb 3, 2015

lgtm
