change ssh key mode, mount key by subpath.

controllers/devbox/internal/controller/devbox_controller.go

@@ -543,7 +543,7 @@ func (r *DevboxReconciler) generateDevboxPod(devbox *devboxv1alpha1.Devbox, runt
 	volumes = append(volumes, devbox.Spec.ExtraVolumes...)
 
 	volumeMounts := runtime.Spec.Config.VolumeMounts
-	volumeMounts = append(volumeMounts, helper.GenerateSSHVolumeMounts())
+	volumeMounts = append(volumeMounts, helper.GenerateSSHVolumeMounts()...)
 	volumeMounts = append(volumeMounts, devbox.Spec.ExtraVolumeMounts...)
 
 	containers := []corev1.Container{

controllers/devbox/internal/controller/helper/devbox.go

@@ -348,11 +348,26 @@ func GetLastSuccessCommitImageName(devbox *devboxv1alpha1.Devbox, runtime *devbo
 	return commit.Image
 }
 
-func GenerateSSHVolumeMounts() corev1.VolumeMount {
-	return corev1.VolumeMount{
-		Name:      "devbox-ssh-keys",
-		MountPath: "/usr/start/.ssh",
-		ReadOnly:  true,
+func GenerateSSHVolumeMounts() []corev1.VolumeMount {
+	return []corev1.VolumeMount{
+		{
+			Name:      "devbox-ssh-keys",
+			MountPath: "/usr/start/.ssh/authorized_keys",
+			SubPath:   "authorized_keys",
+			ReadOnly:  true,
+		},
+		{
+			Name:      "devbox-ssh-keys",
+			MountPath: "/usr/start/.ssh/id",
+			SubPath:   "id",
+			ReadOnly:  true,
+		},
+		{
+			Name:      "devbox-ssh-keys",
+			MountPath: "/usr/start/.ssh/id.pub",
+			SubPath:   "id.pub",
+			ReadOnly:  true,
+		},
 	}
 }
 
@@ -377,7 +392,7 @@ func GenerateSSHVolume(devbox *devboxv1alpha1.Devbox) corev1.Volume {
 						Path: "authorized_keys",
 					},
 				},
-				DefaultMode: ptr.To(int32(0644)),
+				DefaultMode: ptr.To(int32(420)),
 			},
 		},
 	}