Ask Your Question
3

Is it possible to create instance with multiple SSH keys?

asked 2015-09-24 07:10:59 -0600

rozie gravatar image

updated 2015-09-25 09:19:49 -0600

When running nova boot from CLI, --key-name can be specified. Looks like there can only be one (only one seems to be used). Is it possible - in any reasonable way[1] - to create assign more than one SSH key to an instance? Don't have to be with nova boot command, can be any other way (another command, API etc.).

[1] Hacks like creation of a key which consist of two keys is not an option here.

UPDATE: Reported a bug for this feature: https://bugs.launchpad.net/nova/+bug/...

edit retag flag offensive close merge delete

Comments

Why do you consider putting two SSH keys into one nova key-pair a hack? That looks to me like a proper, easy solution.

j-harbott gravatar imagej-harbott ( 2015-09-24 08:19:44 -0600 )edit

It does not scale. Consider having 10 users (keys) and wanting to assign different set of their keys to different instances: first instance - keys 1 and 2, second - keys 2, 3, 4, third - keys 1, 3, 4 etc. How many keypairs would I need to create?

rozie gravatar imagerozie ( 2015-09-25 03:50:33 -0600 )edit
add a comment

2 answers

Sort by ยป oldest newest most voted
4

answered 2015-09-25 05:22:29 -0600

dasp gravatar image

updated 2015-09-25 05:24:17 -0600

It is possible via cloud-init for images that support it. In Horizon, you'd feed the following as a user-script (you can do the same via nova boot CLI):

#cloud-config
ssh_authorized_keys:
    - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEA3FSyQwBI6Z+nCSjUUk8EEAnnkhXlukKoUPND/RRClWz2s5TCzIkd3Ou5+Cyz71X0XmazM3l5WgeErvtIwQMyT1KjNoMhoJMrJnWqQPOt5Q8zWd9qG7PBl9+eiH5qV7NZ mykey@host
    - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3I7VUf2l5gSn5uavROsc5HRDpZdQueUq5ozemNSj8T7enqKHOEaFoU2VoPgGEWC9RyzSQVeyD6s7APMcE82EtmW4skVEgEGSbDc1pvxzxtchBj78hJP6Cf5TCMFSXw+Fz5rF1dR23QDbN1mkHs7adr8GW4kSWqU7Q7NDwfIrJJtO7Hi42GyXtvEONHbiRPOe8stqUly7MvUoN+5kfjBM8Qqpfl2+FNhTYWpMfYdPUnE7u536WqzFmsaqJctz3gBxH9Ex7dFtrxR4qiqEr9Qtlu3xGn7Bw07/+i1D+ey3ONkZLN+LQ714cgj8fRS4Hj29SCmXp5Kt5/82cD/VN3NtHw== smoser@brickies

You can set as many keys as you wish, they would all apply to the default user (e.g. ubuntu).

To set it via CLI, save the cloud-config script to a ~/user-data.txt file and use: nova boot --user-data ~/user-data.txt [...]

All you can do with #cloud-init: https://bazaar.launchpad.net/~cloud-i...

edit flag offensive delete link more

Comments

This will work, but it's workaround too. I believe if there's a way in nova to set up SSH keys, it should work for any number of keys (or remove this option at all and let's use cloud-config for SSH keys). Bug reported.

rozie gravatar imagerozie ( 2015-09-25 09:23:36 -0600 )edit

Thanks, +1'ed

vincent-legoll gravatar imagevincent-legoll ( 2015-09-29 01:59:57 -0600 )edit
add a comment
2

answered 2015-09-24 12:40:56 -0600

apu123 gravatar image

Here are a couple idea, though I am sure there are better solutions out there:

Option 1: Just add them manually after the instance has launched (add them to .ssh/authorized_keys)?

Option 2: Add a script to the nova boot command with the --user-data option. However, I understand this is a cloud-init only feature, ie for ubuntu VMs. However, the user-data service is still available to a non-cloud-init VM, so you could theoretically write a boot script for your VM that runs every time it boots to check if there is a user-data script waiting for it.

I'm curious what other folks have to say...

edit flag offensive delete link more

Comments

Those are workarounds. Of course they will work, but I guess bug should be reported against Openstack if it does allow only for single key (I'm not sure about this, so that's why I'm asking). Authorized_keys allows for many keys, I see no point in using string instead of array of strings on boot.

rozie gravatar imagerozie ( 2015-09-25 03:53:20 -0600 )edit

Yes, I think you should ask for an enhancement request / bug to allow for multiple "--key-name" options to be specified on command line

vincent-legoll gravatar imagevincent-legoll ( 2015-09-25 04:09:00 -0600 )edit

and put a link here, so that we can go put "+1"s on it ;-)

vincent-legoll gravatar imagevincent-legoll ( 2015-09-25 04:19:16 -0600 )edit

Updated a question with link to bug.

rozie gravatar imagerozie ( 2015-09-25 09:20:16 -0600 )edit
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2015-09-24 07:10:59 -0600

Seen: 6,766 times

Last updated: Sep 25 '15

Related questions

How to check what user terminated instance? [closed]

ERROR (CommandError): No server with a name or ID of

How to get instance info on instance termination

Nova Api logs -ERROR nova.api.metadata.handler OperationalError: (pymysql.err.OperationalError) (1040, u'Too many connections') (Background on this error at: http://sqlalche.me/e/e3q8)

nova fails with ImportError: No module named v1_1

Error: Failed to launch instance [Error: No valid host was found. ].

Instance Disk Different with Flavor

Get private IP with CLI

Overcommitting of CPUs on Qemu?

Change of availability zone