coreos / bugs

Issue tracker for CoreOS Container Linux
https://coreos.com/os/eol/

ssh_authorized_keys, hostname, manage_etc_hosts, users are unrecognized keys and are not applied #770

Closed crawford closed 9 years ago

crawford commented 9 years ago

Issue by DJviolin Monday Sep 22, 2014 at 09:13 GMT Originally opened as https://github.com/coreos/coreos-cloudinit/issues/237


I have the "Insecure" CoreOS 444.0.0 VMware image in Workstation 10.

This section bugs me when I try to use cloud-config.yaml:

2014/09/22 08:57:06 Warning: unrecognized key "ssh_authorized_keys" in coreos section of provided cloud config - ignoring
2014/09/22 08:57:06 Warning: unrecognized key "hostname" in coreos section of provided cloud config - ignoring
2014/09/22 08:57:06 Warning: unrecognized key "manage_etc_hosts" in coreos section of provided cloud config - ignoring
2014/09/22 08:57:06 Warning: unrecognized key "users" in coreos section of provided cloud config - ignoring

The command looks like this:

$ sudo coreos-cloudinit --from-url="http://somewebsiteurl.com/vmware/cloud-config.yaml"

cloud-config.yaml looks like this:

#cloud-config

coreos:
    etcd:
        name: lantivm01
    # generate a new token for each unique cluster from https://discovery.etcd.io/new
        discovery: https://discovery.etcd.io/XXXXXc43d6bXXXXX1e0XXXXX443XXXXX
    # multi-region deployments, multi-cloud deployments, and droplets without
    # private networking need to use $public_ipv4
        # addr: $public_ipv4:4001
        # peer-addr: $private_ipv4:7001
    # fleet:
        # public-ip: $public_ipv4   # used for fleetctl ssh command
    update:
        reboot-strategy: best-effort
    units:
      - name: etcd.service
        command: start
      - name: fleet.service
        command: start
    ssh_authorized_keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAAB...........
    hostname: lantivm01
    manage_etc_hosts: localhost
    users:
      - name: core
        lock-passwd: true

Thank You for your help!

crawford commented 9 years ago

Comment by crawford Monday Sep 22, 2014 at 16:28 GMT


Those keys that CloudInit is warning you about are in the wrong place. Your config should look like:

#cloud-config

coreos:
    etcd:
        name: lantivm01
    # generate a new token for each unique cluster from https://discovery.etcd.io/new
        discovery: https://discovery.etcd.io/XXXXXc43d6bXXXXX1e0XXXXX443XXXXX
    # multi-region deployments, multi-cloud deployments, and droplets without
    # private networking need to use $public_ipv4
        # addr: $public_ipv4:4001
        # peer-addr: $private_ipv4:7001
    # fleet:
        # public-ip: $public_ipv4   # used for fleetctl ssh command
    update:
        reboot-strategy: best-effort
    units:
      - name: etcd.service
        command: start
      - name: fleet.service
        command: start
ssh_authorized_keys:
  - ssh-rsa AAAAB3NzaC1yc2EAAAAB...........
hostname: lantivm01
manage_etc_hosts: localhost
users:
  - name: core
    lock-passwd: true

Also, users.lock-passwd isn't a supported option.
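An added example, not part of the original thread or of coreos-cloudinit: a pre-boot check for the mistake discussed above, where keys nested under coreos: are ignored and the SSH key is never installed. It is a simple indentation scan that assumes block-style, space-indented YAML; the function name and sample configs are constructed for illustration.

```python
import re

# Keys that belong at the top level of cloud-config (the four from the warnings
# in this thread, plus write_files), not inside the coreos: section.
TOP_LEVEL_ONLY = {"ssh_authorized_keys", "hostname", "manage_etc_hosts",
                  "users", "write_files"}
KEY_RE = re.compile(r"^( *)([A-Za-z0-9_.-]+):(\s|$)")

def misplaced_keys(text, section="coreos"):
    """Indentation scan (not a YAML parser) over direct children of `section`."""
    in_section, child_indent, found = False, None, []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank line or comment
        m = KEY_RE.match(line)
        if not m:
            continue                      # list item or scalar, not a mapping key
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:                   # a top-level key opens or closes the section
            in_section, child_indent = (key == section), None
        elif in_section:
            if child_indent is None:
                child_indent = indent     # first child fixes the section's indent
            if indent == child_indent and key in TOP_LEVEL_ONLY:
                found.append(key)
    return found

# Constructed samples, shortened from the two configs in the thread.
BROKEN = """#cloud-config
coreos:
    update:
        reboot-strategy: best-effort
    ssh_authorized_keys:
      - ssh-rsa AAAA...constructed-placeholder
    hostname: lantivm01
    users:
      - name: core
"""
FIXED = """#cloud-config
coreos:
    update:
        reboot-strategy: best-effort
ssh_authorized_keys:
  - ssh-rsa AAAA...constructed-placeholder
hostname: lantivm01
"""

if __name__ == "__main__":
    print(misplaced_keys(BROKEN), misplaced_keys(FIXED))
```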

crawford commented 9 years ago

Comment by DJviolin Monday Sep 22, 2014 at 19:26 GMT


Thank You! It worked perfectly! :)

Is there a way to turn off the password login? When I try this method: https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2

$ sudo vi /etc/ssh/sshd_config

and change this line:

PermitRootLogin without-password

I don't have permission to do it. :(

crawford commented 9 years ago

Comment by crawford Monday Sep 22, 2014 at 20:21 GMT


/etc/ssh/sshd_config is a symlink into /usr. You need to overwrite that symlink with an actual file. The write_files section of the config is smart enough to do this.

crawford commented 9 years ago

Comment by DJviolin Monday Sep 22, 2014 at 20:40 GMT


Thank You again!

Is it correct?

write_files:
  - path: /usr
    permissions: 0644
    owner: root
    content: |
      PermitRootLogin without-password

Edit: What file exactly do I need to create in the /usr folder or under its subfolders? Do I need to create an sshd_config file under /usr?

Can I use this example code from the CoreOS docs to make a passwordless-only SSH login?

write_files:
  - path: /etc/ssh/sshd_config
    permissions: 0600
    owner: root:root
    content: |
      # Use most defaults for sshd configuration.
      UsePrivilegeSeparation sandbox
      Subsystem sftp internal-sftp

      PermitRootLogin no
      AllowUsers core
      PasswordAuthentication no
      ChallengeResponseAuthentication no

crawford commented 9 years ago

Comment by crawford Monday Sep 22, 2014 at 21:02 GMT


The config from the docs is correct.
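An added example, not part of the original thread or the CoreOS docs: a check that an sshd_config body destined for write_files really turns off password logins, using the two keywords from the docs snippet above. It applies sshd's rule that the first value read for a keyword wins and looks only at the global section before any Match block; function names and sample inputs are constructed.

```python
import re

# Keywords from the docs snippet quoted in the thread that turn off password
# logins; each must be effectively "no".
REQUIRED_NO = ("PasswordAuthentication", "ChallengeResponseAuthentication")
LINE_RE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.+)$")

def effective_settings(config_text):
    """Global sshd_config settings; sshd keeps the first value seen per keyword."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            break                         # what follows is conditional, not global
        settings.setdefault(keyword, value)
    return settings

def password_login_findings(config_text):
    """(keyword, value) pairs that leave password login possible; None = not set."""
    settings = effective_settings(config_text)
    findings = []
    for keyword in REQUIRED_NO:
        value = settings.get(keyword.lower())
        if value is None or value.lower() != "no":
            findings.append((keyword, value))
    return findings

# Constructed inputs: the docs snippet from the thread, and a file holding only
# the single line the poster first tried.
DOCS_SNIPPET = """# Use most defaults for sshd configuration.
UsePrivilegeSeparation sandbox
Subsystem sftp internal-sftp

PermitRootLogin no
AllowUsers core
PasswordAuthentication no
ChallengeResponseAuthentication no
"""
ONE_LINE = "PermitRootLogin without-password\n"

if __name__ == "__main__":
    print(password_login_findings(DOCS_SNIPPET), password_login_findings(ONE_LINE))
```

A file that sets only PermitRootLogin leaves both keywords unset, so password login for the core user is governed by sshd's defaults.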

crawford commented 9 years ago

Comment by DJviolin Monday Sep 22, 2014 at 21:04 GMT


Thank You for all of your help!

crawford commented 9 years ago

Comment by DJviolin Monday Sep 22, 2014 at 21:12 GMT


Now for some reason I can't SSH in; I got this error:

Permission denied (publickey).

When I try this in VMware:

$ sudo ssh-add -l

I got this:

Could not open a connection to your authentication agent.