Back to the original discussion. We should document some new information/requirements around SSH keys, particularly when it comes to bootstrapping. Bootstrap now requires you to be able to ssh to the bootstrapped machine. The machine's ~/.ssh/authorized_keys file is initialised depending on how you configure authorized-keys/authorized-keys-path in your environment config.
When you first use the Juju CLI, it will create a new directory ~/.juju/ssh. In this directory, a new keypair is generated. When you bootstrap an environment, _if you do not specify authorized-keys_, the auto-generated public key will be implicitly added to the environment's authorized-keys along with the defaults (~/.ssh/id_rsa.pub, etc.) If you specify authorized-keys, then the auto-generated public key will *not* be added.

If you specify authorized-keys, you must ensure that your corresponding private key(s) will be picked up by a call to "ssh" when connecting to a machine in the cloud environment, or bootstrap will fail. There are several ways to get ssh to pick it up:

* specify the identity (private key) file in your ~/.ssh/config
* copy/symlink the identity file into ~/.juju/ssh; all private keys in this directory will be attempted
* add the identity file to your ssh-agent (ssh-add <identity-file>).

After an environment is bootstrapped, you can now use the "juju authorised-keys" commands to manage authorised keys across all machines in the environment.

Cheers,
Andrew

On Fri, Jan 31, 2014 at 1:58 PM, Andrew Wilkins <[email protected]> wrote:
> Hi Nick,
>
> https://juju.ubuntu.com/docs/getting-started.html
>
> On the Intro/Getting Started page for Juju, we say that you *need* to
> generate an SSH key pair. This is no longer true in 1.17.x: Juju will
> generate one for you. Juju will continue to upload the default public keys
> from ~/.ssh, but they are no longer absolutely required.
>
> I'm not sure if we should reword the docs or not, but thought I should at
> least bring this to your attention. CC'ing the dev list in case someone
> has an opinion.
>
> Cheers,
> Andrew
>
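An added example, not part of the original thread and not Juju's own code: a pre-bootstrap check that reports which of the three routes listed in the message (~/.ssh/config, ~/.juju/ssh, ssh-agent) would offer a private key matching the configured authorized-keys. The function names are hypothetical, and it assumes each private key has a current `.pub` sibling file and that agent keys are passed in as the text printed by `ssh-add -L`.

```python
import re
from pathlib import Path

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")

def key_blob(line):
    """Base64 key blob of an OpenSSH public-key line (options/comment ignored)."""
    parts = line.split()
    for i, tok in enumerate(parts[:-1]):
        if tok.startswith(KEY_TYPES):
            return parts[i + 1]
    return None

def config_identity_files(ssh_config_text, home):
    """IdentityFile paths from ssh_config text; only a leading ~/ is expanded."""
    paths = []
    for raw in ssh_config_text.splitlines():
        m = re.match(r"\s*identityfile(?:\s*=\s*|\s+)(.+?)\s*$", raw, re.I)
        if m:
            value = m.group(1).strip('"')
            if value.startswith("~/"):
                value = str(Path(home) / value[2:])
            paths.append(Path(value))
    return paths

def usable_identities(authorized_keys, juju_ssh_dir, ssh_config_text, agent_keys, home):
    """Return sorted (source, name) pairs whose public key is in authorized_keys.

    An empty result means none of the three routes would present a matching
    private key, which is the case the message says makes bootstrap fail.
    """
    wanted = {key_blob(l) for l in authorized_keys.splitlines()} - {None}
    hits = set()
    # Keys in ~/.juju/ssh and IdentityFile entries, matched through their
    # .pub sibling (assumption: the sibling exists and matches the private key).
    candidates = [(p.with_suffix(""), "juju-ssh-dir")
                  for p in Path(juju_ssh_dir).glob("*.pub")]
    candidates += [(p, "ssh-config")
                   for p in config_identity_files(ssh_config_text, home)]
    for priv, source in candidates:
        pub = Path(str(priv) + ".pub")
        if priv.is_file() and pub.is_file() and key_blob(pub.read_text()) in wanted:
            hits.add((source, priv.name))
    # Keys held by ssh-agent, supplied as the output of `ssh-add -L`.
    for line in agent_keys.splitlines():
        if key_blob(line) in wanted:
            hits.add(("ssh-agent", line.split()[-1]))
    return sorted(hits)
```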
