Configure SSH and SSH keys
For a full list of keys, refer to the SSH module schema.
General example
#cloud-config
allow_public_ssh_keys: true
disable_root: true
disable_root_opts: no-port-forwarding,no-agent-forwarding,no-X11-forwarding
ssh_authorized_keys:
  - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEA3FSyQwBI6Z+nCSjUU ...
  - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3I7VUf2l5gSn5uavROsc5HRDpZ ...
ssh_deletekeys: true
ssh_genkeytypes: [rsa, ecdsa, ed25519]
ssh_keys:
  rsa_certificate: |
    ssh-rsa-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQt ...
  rsa_private: |
    -----BEGIN RSA PRIVATE KEY-----
    MIIBxwIBAAJhAKD0YSHy73nUgysO13XsJmd4fHiFyQ+00R7VVu2iV9Qco
    ...
    -----END RSA PRIVATE KEY-----
  rsa_public: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEAoPRhIfLvedSDKw7Xd ...
ssh_publish_hostkeys:
  blacklist: [rsa]
  enabled: true
ssh_quiet_keygen: true
Configure instance’s SSH keys
#cloud-config
ssh_authorized_keys:
  - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEyQwBI6Z+nCSU... mykey@host
  - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEVUf2l5gSn5uR... smoser@brickies
ssh_keys:
  rsa_private: |
    -----BEGIN RSA PRIVATE KEY-----
    MIIBxwIBAAJhAKD0YSHy73nUgysO13XsJmd4fHiFyQ+0Qcon2LZS/x...
    -----END RSA PRIVATE KEY-----
  rsa_public: ssh-rsa AAAAB3NzaC1AAAABIwAAAGEAoPRh... smoser@localhost
no_ssh_fingerprints: false
ssh:
  emit_keys_to_console: false
Import SSH ID
This example imports SSH keys from:
- GitHub (gh:)
- A public keyserver (in this case, Launchpad, lp:)
Keys are referenced by the username they are associated with on the keyserver.
For a full list of keys, refer to the SSH import ID module schema. You may also find it helpful to consult the manual page.
#cloud-config
ssh_import_id: [user, 'gh:user', 'lp:user']
Log fingerprints of user SSH keys
Writing the fingerprints of authorized user keys to logs is enabled by default.
For a full list of keys, refer to the SSH authkey fingerprints module schema.
Do not write SSH fingerprints
This example prevents SSH fingerprints from being written. The default is false.
#cloud-config
no_ssh_fingerprints: true
Configure hash type
This example configures the hash type to be sha512 instead of the default sha256.
#cloud-config
authkey_hash: sha512
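To confirm that a logged fingerprint belongs to the key you intended to deploy, you can recompute it offline for either hash type. This is an added example, not cloud-init's own code: it assumes the logged value is the authkey_hash digest of the base64-decoded key blob shown as colon-separated hex pairs, and it uses a constructed ed25519 line (helper names are hypothetical) instead of a real key.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256")  # subset for the example


def constructed_ed25519_line(comment="mykey@host"):
    """Build a well-formed ssh-ed25519 line from constructed bytes (not a real key)."""
    name, raw = b"ssh-ed25519", bytes(range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)


def parse_key_line(line):
    """Return (keytype, blob, comment); a leading options field is skipped."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field not in KEY_TYPES:
            continue
        blob = base64.b64decode(fields[i + 1], validate=True)
        # The blob starts with a length-prefixed copy of the key type; a mismatch
        # means the line was edited or truncated.
        if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != field.encode():
            raise ValueError("key type does not match the encoded blob")
        return field, blob, " ".join(fields[i + 2:])
    raise ValueError("no supported key type found")


def fingerprint(line, hash_name="sha256"):
    """Digest of the decoded key blob as colon-separated hex pairs."""
    digest = hashlib.new(hash_name, parse_key_line(line)[1]).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def openssh_fingerprint(line):
    """The SHA256:<base64> form that `ssh-keygen -lf` prints, for cross-checking."""
    raw = hashlib.sha256(parse_key_line(line)[1]).digest()
    return "SHA256:" + base64.b64encode(raw).decode().rstrip("=")


if __name__ == "__main__":
    # Options taken from disable_root_opts in the general example above.
    opts = "no-port-forwarding,no-agent-forwarding,no-X11-forwarding"
    line = opts + " " + constructed_ed25519_line()
    for name in ("sha256", "sha512"):
        print(name, fingerprint(line, name))
    print(openssh_fingerprint(line))
```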
Control SSH key printing to console
By default, all supported host keys (and their fingerprints) are written to the console, but for security reasons, this may not be desirable.
These examples show you how to prevent SSH host keys from being written out. For a full list of keys, refer to the keys to console module schema.
Do not print any SSH keys
#cloud-config
ssh:
  emit_keys_to_console: false
Do not print specific key types
#cloud-config
ssh_key_console_blacklist: [rsa]
Do not print specific fingerprints
#cloud-config
ssh_fp_console_blacklist:
- E25451E0221B5773DEBFF178ECDACB160995AA89
- FE76292D55E8B28EE6DB2B34B2D8A784F8C0AAB0