Ask Your Question
0

Best way to incorporate multiple SSH key pairs into VM's?

asked 2015-06-07 14:14:10 -0500

slmingol gravatar image

updated 2015-06-07 14:22:27 -0500

I'm familiar with the ability to add an SSH key under a user's Access & Security section of the Horizon dashboard, but I'm looking for an alternative method which would allow me as the administrator of all the VM's within an OpenStack environment to be able to include my SSH pub key in addition to any others that user's will include into VM's that spin up within the various tenants/projects.

Ideally this method would allow me to have my key included from my Access & Security settings as well as part of the cloud-init when the VM's are created.

Right now we have a SSH pub key that's essentially baked into the Glance images that are used, but I don't like that method and was looking for alternatives that are easier to maintain and more flexible. I should also note that all our VMs are provisioned with random root passwords, and setting it to a known password isn't something we're interested in doing either.

Interesting leads

  • https://www.redhat.com/archives/libguestfs/2014-November/msg00002.html ([Libguestfs] [PATCH] customize: Add --ssh-inject option for injecting SSH keys.)
  • https://ask.openstack.org/en/question/61288/add-keypair-to-existing-instance/ (Add keypair to existing Instance using guestfish to mod VHD img file)
edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
0

answered 2015-06-07 19:34:10 -0500

don gravatar image

or make the cmd line be something like:

curl http://my-secure-pub-key-location >> /home/clouduser/.ssh/authorized_keys

so you can change it in the future. Make sure that location is secure tho :)

you can add this to heat as well in the user_data section.

edit flag offensive delete link more

Comments

Can you elaborate on this a bit more? I'm not quite following what you're suggesting.

slmingol gravatar imageslmingol ( 2015-06-07 20:08:40 -0500 )edit
0

answered 2015-06-07 19:20:44 -0500

jdexter gravatar image

The quickest easiest way is if you are using cloud-init on your vms, to add a cmdline to add your ssh-pub-key to the authorized list.

edit flag offensive delete link more

Comments

What about for VM's that are being created by user's other than me?

slmingol gravatar imageslmingol ( 2015-06-07 20:06:52 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-06-07 14:14:10 -0500

Seen: 2,391 times

Last updated: Jun 07 '15