chore(push): add ssh_key option when using push-ot3

[vegano1]

Overview

We are enabling SSH RSA keys on the Flex, which means you will no longer be able to SSH to a Flex release build without a valid SSH private key added using the new /server/ssh_keys/from_local endpoint recently added here. Because of this, we want to make sure developers are not affected and are ready once the robots require SSH keys. In order to support this we need to change our push-ot3 Makefile script so it now takes in an identity file ssh_key as the private key.

Instructions for adding your SSH key to the Flex

1. Make sure the Flex is powered on
2. Make sure you are running a version of the software that supports the /server/ssh_keys/from_local endpoint
3. Copy your valid SSH RSA public key to a USB thumb drive
4. Plug the USB thumb drive into the Flex
5. Using curl or equivalent send a POST request to the /server/ssh_keys/from_local endpoint, see below

curl --location --request POST 'http://10.13.11.96:31950/server/ssh_keys/from_local' --header 'opentrons-version: 3'

7. If successful, the response status will be a 201 and the message will tell you how many keys were added
   { "message": "Added 1 new keys", "key_md5": [ "0ca9f47168c05f6675fe1806f9063084" ] }
8. If unsuccessful, the response status will be 404
{ "error": "no-key", "message": "No valid keys found" }

Test Plan

• Use push-ot3 without ssh_key on a robot with ssh keys enabled and make sure you get permission denied
• Use push-ot3 ssh_key on a robot with SSH keys enabled and make sure you get permission denied if the private key is invalid
• Use push-ot3 with ssh_key on a robot with SSH keys enabled and make sure you can SSH if you have a valid private key.

Changelog

• Added ssh_key option to make-push so It takes in an identity file in order to perform SSH/SCP operations
• Remove the default default_ssh_key from scripts/push.mk so we can still ssh into a Flex without providing an identity file

Review requests

• It should be straightforward but would like some thoughts on removing the default default_ssh_key, Is anything wrong with this?

Risk assessment

Medium, this will affect developers directly or anyone needing to use make push-ot3 to SSH/SCP to the robot and if the robot version and local monorepo branch are not in sync it will cause problems.

[sfoster1]

Looks good to me!

[codecov]

Codecov Report

Merging #13521 (a17fa16) into chore_release-7.0.0 (cbccf7d) will decrease coverage by 17.14%.
Report is 45 commits behind head on chore_release-7.0.0.
The diff coverage is n/a.

Additional details and impacted files

@@                   Coverage Diff                    @@
##           chore_release-7.0.0   #13521       +/-   ##
========================================================
- Coverage                71.36%   54.23%   -17.14%     
========================================================
  Files                     1586      615      -971     
  Lines                    52713    19675    -33038     
  Branches                  3434     2604      -830     
========================================================
- Hits                     37621    10671    -26950     
+ Misses                   14563     8598     -5965     
+ Partials                   529      406      -123     

Flag	Coverage Δ
api	?
app	43.40% <ø> (-0.08%)	⬇️
components	?
g-code-testing	?
hardware	56.41% <ø> (-0.07%)	⬇️
hardware-testing	?
labware-library	?
notify-server	89.13% <ø> (ø)
ot3-gravimetric-test	?
react-api-client	?
robot-server	?
shared-data	71.75% <ø> (-2.14%)	⬇️
system-server	?
update-server	?
usb-bridge	?

Flags with carried forward coverage won't be shown. Click here to find out more.

see 977 files with indirect coverage changes