Closed crawford closed 9 years ago
Comment by crawford Monday Sep 22, 2014 at 16:28 GMT
Those keys that CloudInit is warning you about are in the wrong place. Your config should look like:
#cloud-config
coreos:
etcd:
name: lantivm01
# generate a new token for each unique cluster from https://discovery.etcd.io/new
discovery: https://discovery.etcd.io/XXXXXc43d6bXXXXX1e0XXXXX443XXXXX
# multi-region deployments, multi-cloud deployments, and droplets without
# private networking need to use $public_ipv4
# addr: $public_ipv4:4001
# peer-addr: $private_ipv4:7001
# fleet:
# public-ip: $public_ipv4 # used for fleetctl ssh command
update:
reboot-strategy: best-effort
units:
- name: etcd.service
command: start
- name: fleet.service
command: start
ssh_authorized_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAAB...........
hostname: lantivm01
manage_etc_hosts: localhost
users:
- name: core
lock-passwd: true
Also, users.lock-passwd isn't a supported option.
Comment by DJviolin Monday Sep 22, 2014 at 19:26 GMT
Thank You! It worked perfectly! :)
Is there a way to turn off the password login? When I try this method: https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
$ sudo vi /etc/ssh/sshd_config and change this line: PermitRootLogin without-password
I don't have permission to do it. :(
Comment by crawford Monday Sep 22, 2014 at 20:21 GMT
/etc/ssh/sshd_config is a symlink into /usr. You need to overwrite that symlink with an actual file. The write_files
section of the config is smart enough to do this.
Comment by DJviolin Monday Sep 22, 2014 at 20:40 GMT
Thank You again!
Is it correct?
write_files:
- path: /usr
permissions: 0644
owner: root
content: |
PermitRootLogin without-password
Edit: What file exactly I need to create in the /usr folder or under subfolders? I need to create an sshd_config file under /usr?
Can I use this example code from CoreOS doc for make only a paswordless, SSH logi?
write_files:
- path: /etc/ssh/sshd_config
permissions: 0600
owner: root:root
content: |
# Use most defaults for sshd configuration.
UsePrivilegeSeparation sandbox
Subsystem sftp internal-sftp
PermitRootLogin no
AllowUsers core
PasswordAuthentication no
ChallengeResponseAuthentication no
Issue by DJviolin Monday Sep 22, 2014 at 09:13 GMT Originally opened as https://github.com/coreos/coreos-cloudinit/issues/237
I have the "Insecure" Coreos 444.0.0 vmware image in Workstation 10.
This sections bugs me, when I try to use cloud-config.yaml:
The command looks like this:
cloud-config.yaml looks like this:
Thank You for your help!