docker / machine

Machine management for a container-centric world
https://docs.docker.com/machine/
Apache License 2.0

Wish design to support SSH login VM without password, but it is up to OS vendor support #989

Open TrumanLing opened 9 years ago

TrumanLing commented 9 years ago

I created a machine on OpenStack, but it needs password input, as in the message below. Thus, it is not convenient to deploy VMs in a real engineering environment.

```console
docker@host-xxx-xxx-xx-xxx:~/xxx$ sudo ./docker-machine_linux-amd64 -D create -d openstack --openstack-insecure --openstack-auth-url=https://xxx.xxx.xxx.xxx.xxx:443/identity/v2.0 --openstack-username=xxx --openstack-password=xxx --openstack-tenant-id=1234567890 --openstack-tenant-name=xxx --openstack-flavor-id=123 --openstack-image-id=xxxx --openstack-region=xxx --openstack-net-id=xxx dockermachine
DEBU[0000] Instantiating OpenStack driver... caCert=/home/docker/.docker/machine/certs/ca.pem machineName=dockermachine privateKey=/home/docker/.docker/machine/certs/ca-key.pem storePath=/home/docker/.docker/machine/machines/dockermachine
DEBU[0000] Creating Key Pair... Name=dockermachine-xxx
DEBU[0000] executing: /usr/bin/ssh-keygen ssh-keygen -t rsa -N -f /home/docker/.docker/machine/machines/dockermachine/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /home/docker/.docker/machine/machines/dockermachine/id_rsa.
Your public key has been saved in /home/docker/.docker/machine/machines/dockermachine/id_rsa.pub.
The key fingerprint is:
a7:a0:83:54:3f:c5:63:83:9d:fe:ef:ad:1c:6b:1b:ca root@host-xxx-xxx-xxx-xxx
The key's randomart image is:
+--[ RSA 2048]----+
| |
| + . |
| . . O |
| . . + o |
| . + S . |
| . . . o + |
| . o . . o |
| . . +.= |
| EoBo. |
+-----------------+
DEBU[0000] Authenticating... AuthUrl=https://xxx.xxx.xxx.xxx.xxx:443/identity/v2.0 Insecure=true TenantID=1234567890 TenantName=xxx Username=xxx
DEBU[0001] Creating OpenStack instance... FlavorId=123 ImageId=xxx
INFO[0001] Creating machine...
DEBU[0002] Waiting for the OpenStack instance to be ACTIVE... MachineId=xxx
DEBU[2027] Looking for the IP address... MachineId=xxx
DEBU[2027] IP address found IP=xxx.xxx.xxx.xxx MachineId=xxx
DEBU[2027] Waiting for the SSH server to be started... IP=xxx.xxx.xxx.xxx MachineId=xxx
DEBU[2027] Getting to WaitForSSH function...
DEBU[2027] executing: ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -p 22 -i /home/docker/.docker/machine/machines/dockermachine/id_rsa root@xxx.xxx.xxx.xxx exit 0
root@xxx.xxx.xxx.xxx's password:
DEBU[2269] Error running ssh command 'exit 0' : exit status 255
DEBU[2272] Getting to WaitForSSH function...
DEBU[2272] executing: ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -p 22 -i /home/docker/.docker/machine/machines/dockermachine/id_rsa root@xxx.xxx.xxx.xxx exit 0
root@xxx.xxx.xxx's password:
DEBU[2314] executing: ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -p 22 -i /home/docker/.docker/machine/machines/dockermachine/id_rsa root@xxx.xxxx.xxx.xxx cat /etc/os-release
root@xxx.xxx.xxx.xxx's password:
DEBU[2358] executing: ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -p 22 -i /home/docker/.docker/machine/machines/dockermachine/id_rsa root@xxx.xxx.xxx.xxx sudo hostname dockermachine && echo "dockermachine" | sudo tee /etc/hostname && echo "127.0.0.1 dockermachine" | sudo tee -a /etc/hosts
root@xxx.xxx.xxx.xxx's password:
sudo: unable to resolve host dockermachine
dockermachine
sudo: unable to resolve host dockermachine
127.0.0.1 dockermachine
DEBU[2446] executing: ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -p 22 -i /home/docker/.docker/machine/machines/dockermachine/id_rsa root@xxx.xxx.xxx.xxx DEBIAN_FRONTEND=noninteractive sudo -E apt-get install -y curl
root@xxx.xxx.xxx.xxx's password:
Reading package lists...
Building dependency tree...
Reading state information...
curl is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
DEBU[2555] executing: ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -p 22 -i /home/docker/.docker/machine/machines/dockermachine/id_rsa root@xxx.xxx.xxx.xxx if ! type docker; then curl -sSL https://get.docker.com | sh -; fi
root@xxx.xxx.xxx.xxx's password:
docker is /usr/bin/docker
DEBU[2613] generating server cert: /home/docker/.docker/machine/machines/dockermachine/server.pem ca-key=/home/docker/.docker/machine/certs/ca.pem private-key=/home/docker/.docker/machine/certs/ca-key.pem org=dockermachine
DEBU[2614] executing: ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -p 22 -i /home/docker/.docker/machine/machines/dockermachine/id_rsa root@xxx.xxx.xxx.xxx sudo service docker stop
root@xxx.xxx.xxx.xxx's password:
docker: unrecognized service
ERRO[2739] Error creating machine: exit status 1
WARN[2739] You will want to check the provider to make sure the machine and associated resources were properly removed.
FATA[2739] Error creating machine
```



I want to refer to the design based on boot2docker and the virtualbox driver, and implement that in our own system. Originally, I wanted to implement a common design and have you help me review it, but now I think it is not easy to achieve; it needs the OS vendor's support. The virtualbox driver has implemented that, because boot2docker is designed by the OS vendor, that is to say, yourselves, to copy id_rsa.pub into the VM disk and finally copy it to ~/.ssh. What is your idea?

ggiamarchi commented 9 years ago

Actually, the OpenStack driver already implements the deployment of the SSH key on the machine. On your command line you did not provide the flag `--openstack-ssh-user`, which means docker-machine will use the user `root` to SSH into the machine. Are you sure you can log in with root on your machine? Often in cloud images, remote login with root is not possible.

Can you check:

TrumanLing commented 9 years ago

@ggiamarchi thx for your response. Generally, root is not permitted to log in, but the environment I used is just a test environment and doesn't apply a strict policy for user SSH login. Below are the results I got for your two questions. For the 1st one, the output was as below, and it shows root has logged in to the machine.

```console
docker@host-xxx-xxx-xxx-xxx:~/xxx$ sudo ssh -i /home/docker/.docker/machine/machines/dockermachine/id_rsa root@xxx.xxx.xxx.xxx
[sudo] password for docker:
The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established.
ECDSA key fingerprint is cf:b0:08:f1:6a:f0:dd:e8:3d:5c:aa:65:2c:91:08:77.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xxx.xxx.xxx.xxx' (ECDSA) to the list of known hosts.
root@xxx.xxx.xxx.xxx's password:
Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0-24-generic x86_64)

Last login: Mon Apr 13 18:04:45 2015 from host-xxx-xxx-xxx-xxx.openstacklocal
```


For the 2nd one, the output was as follows:

```console
xxx@C8018E13-D21D-B211-9630-000000821800:/> sudo nova keypair-list
+-----------------------------------------------------------------------------------+-------------------------------------------------+
| Name                                                                              | Fingerprint                                     |
+-----------------------------------------------------------------------------------+-------------------------------------------------+
| dockermachine-8ccd59e096be16527c6aa38e9266d58513c7021341175f799c6229a857c3ce4a | 6b:d4:29:fc:54:22:ba:37:68:99:5b:f3:47:88:a3:ed |
```

And below are the messages from creating the VM, which include the keypair name and fingerprint; they match those listed by the command `nova keypair-list`.

```console
DEBU[0000] Creating Key Pair... Name=dockermachine-8ccd59e096be16527c6aa38e9266d58513c7021341175f799c6229a857c3ce4a
DEBU[0000] executing: /usr/bin/ssh-keygen ssh-keygen -t rsa -N -f /home/docker/.docker/machine/machines/dockermachine/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /home/docker/.docker/machine/machines/dockermachine/id_rsa.
Your public key has been saved in /home/docker/.docker/machine/machines/dockermachine/id_rsa.pub.
The key fingerprint is:
6b:d4:29:fc:54:22:ba:37:68:99:5b:f3:47:88:a3:ed root@host-xxx-xxx-xxx-xxx
```
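The two checks made by hand in this thread (does the locally generated key's fingerprint appear in `nova keypair-list`, and did each `ssh -i ...` run still stop at a password prompt) can be scripted over the debug output. This is an added example, not part of the thread or of docker-machine; the function names, the shortened key pair name, the key path `/m/id_rsa` and the address `198.51.100.7` are assumptions made for illustration.

```python
import re

# Constructed sample, modelled on the debug output quoted in this thread.
SAMPLE_LOG = """\
DEBU[0000] Creating Key Pair... Name=dockermachine-8ccd
The key fingerprint is: 6b:d4:29:fc:54:22:ba:37:68:99:5b:f3:47:88:a3:ed root@host
DEBU[2027] executing: ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -i /m/id_rsa root@198.51.100.7 exit 0
root@198.51.100.7's password:
DEBU[2269] Error running ssh command 'exit 0' : exit status 255
DEBU[2314] executing: ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -i /m/id_rsa root@198.51.100.7 cat /etc/os-release
root@198.51.100.7's password:
"""
# Constructed `nova keypair-list` row carrying the fingerprint shown in the thread.
SAMPLE_NOVA = "| dockermachine-8ccd | 6b:d4:29:fc:54:22:ba:37:68:99:5b:f3:47:88:a3:ed |"

FP_RE = re.compile(r"\b(?:[0-9a-fA-F]{2}:){15}[0-9a-fA-F]{2}\b")
EXEC_RE = re.compile(r"executing: ssh .*?-i (\S+) (\S+)@(\S+)")
PROMPT_RE = re.compile(r"^(\S+)@(\S+)'s password:")

def fingerprints(text):
    """Return every MD5-style colon-hex fingerprint found in text, lowercased."""
    return [m.group(0).lower() for m in FP_RE.finditer(text)]

def password_fallbacks(log):
    """Return (user, host, key_path) for each key-based ssh run that hit a password prompt."""
    hits, pending = [], None
    for line in log.splitlines():
        m = EXEC_RE.search(line)
        if m:
            pending = (m.group(2), m.group(3), m.group(1))
            continue
        p = PROMPT_RE.match(line.strip())
        if p and pending and (p.group(1), p.group(2)) == pending[:2]:
            hits.append(pending)
            pending = None
    return hits

def diagnose(log, nova_output):
    """Heuristic: key known to the provider but prompts seen => key not accepted for that user."""
    registered = bool(set(fingerprints(log)) & set(fingerprints(nova_output)))
    rejected = password_fallbacks(log)
    if not registered:
        return "local key fingerprint not found in provider keypair list"
    if rejected:
        users = sorted({user for user, _, _ in rejected})
        return f"key registered, but not accepted for user(s): {', '.join(users)}"
    return "key accepted"
```

On the sample, `diagnose(SAMPLE_LOG, SAMPLE_NOVA)` reports that the key is registered but not accepted for `root`, the case in which the login user configured for the driver is the next thing to check.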