Public bug reported: Per documentation at https://wiki.ubuntu.com/GoogleComputeEngineSSHKeys ssh keys for cloudinit and ubuntu users should both be added to the 'ubuntu' users authorized_keys file.
This works fine in Xenial (16.04) and higher, but doesn't work for Trusty (14.04). [REPRODUCE] # create a file that contains ssh public keys $ cat googlekeys test:ssh-rsa <one example key> [email protected] ubuntu:ssh-rsa <a second example key> [email protected] cloudinit:ssh-rsa <a third example key> [email protected] # create an ubuntu 14.04 instance gcloud compute instances create ubuntu1404cloudinit --image-family ubuntu-1404-lts --image-project ubuntu-os-cloud --metadata-from-file =ssh-keys=googlekeys --metadata=block-project-ssh-keys=True # create an ubuntu 16.04 instance gcloud compute instances create ubuntu1604cloudinit --image-family ubuntu-1604-lts --image-project ubuntu-os-cloud --metadata-from-file =ssh-keys=googlekeys --metadata=block-project-ssh-keys=True Notice that the ubuntu user in the ubuntu 14.04 instance contains no keys from cloud-init (the keys there are added by the google daemon): $ sudo cat /home/ubuntu/.ssh/authorized_keys # Added by Google ssh-rsa <the second example key but added by google daemon> [email protected] In 16.04, $ sudo cat /home/ubuntu/.ssh/authorized_keys ssh-rsa <the third example key added by cloud-init> [email protected] ssh-rsa <the second example key added by cloud-init> [email protected] # Added by Google ssh-rsa <the second example key added by the google daemon> [email protected] [EXPECTED BEHAVIOR] The ubuntu and cloudinit keys in metadata should be added to the ubuntu user by cloud-init. ** Affects: cloud-init Importance: Undecided Assignee: Shane Peters (shaner) Status: New ** Tags: sts ** Changed in: cloud-init Assignee: (unassigned) => Shane Peters (shaner) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to cloud-init. https://bugs.launchpad.net/bugs/1781039 Title: GCE cloudinit and ubuntu keys from metadata to ubuntu authorized_keys Status in cloud-init: New Bug description: Per documentation at https://wiki.ubuntu.com/GoogleComputeEngineSSHKeys ssh keys for cloudinit and ubuntu users should both be added to the 'ubuntu' users authorized_keys file. This works fine in Xenial (16.04) and higher, but doesn't work for Trusty (14.04). [REPRODUCE] # create a file that contains ssh public keys $ cat googlekeys test:ssh-rsa <one example key> [email protected] ubuntu:ssh-rsa <a second example key> [email protected] cloudinit:ssh-rsa <a third example key> [email protected] # create an ubuntu 14.04 instance gcloud compute instances create ubuntu1404cloudinit --image-family ubuntu-1404-lts --image-project ubuntu-os-cloud --metadata-from-file =ssh-keys=googlekeys --metadata=block-project-ssh-keys=True # create an ubuntu 16.04 instance gcloud compute instances create ubuntu1604cloudinit --image-family ubuntu-1604-lts --image-project ubuntu-os-cloud --metadata-from-file =ssh-keys=googlekeys --metadata=block-project-ssh-keys=True Notice that the ubuntu user in the ubuntu 14.04 instance contains no keys from cloud-init (the keys there are added by the google daemon): $ sudo cat /home/ubuntu/.ssh/authorized_keys # Added by Google ssh-rsa <the second example key but added by google daemon> [email protected] In 16.04, $ sudo cat /home/ubuntu/.ssh/authorized_keys ssh-rsa <the third example key added by cloud-init> [email protected] ssh-rsa <the second example key added by cloud-init> [email protected] # Added by Google ssh-rsa <the second example key added by the google daemon> [email protected] [EXPECTED BEHAVIOR] The ubuntu and cloudinit keys in metadata should be added to the ubuntu user by cloud-init. To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/1781039/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
