Score:2

How to use ssh_import_id with cloud-init on Raspberry Pi 4 /w Ubuntu 20.04 Server?

cn flag
mtg

I'm looking to automatically setup up my SSH keys on a fresh Ubuntu Server 20.04 install on a Raspberry Pi 4 - mostly as a learning exercise. I'm trying to use the ssh_import_id option of cloud-init to pull my SSH public key from my GitHub account and add it to ~/.ssh/authorized_keys for the pi user.

I cannot seem to get the ssh_import_id config to kick in. The ~/.ssh directory is never made for the pi user, and there are no logs relating to anything to do with pulling a key from GitHub/ssh_import_id in /var/logs/cloud-init.log or /var/log/cloud-init-output.log.

The current contents of my user-dataon the root of the SD card:

  - name: pi
    groups: [sudo]
    sudo: ALL=(ALL) NOPASSWD:ALL
    ssh_import_id: # import public key from github
      - gh:my_cool_github_account
    lock_passwd: true # disable password login

Everything works fine if I input the public key manually using ssh_authorized_keys, which will suit my workflow but I'm hoping to get the GitHub thing setup as it's snazzy.

My understanding of cloud-init is definitely a little basic, so I may have missed something. I'm triggering changes by running cloud-init clean and then cloud-init init, which feels like it's running fine as it's remaking users/general bits/the root ssh keys and fingerprint.

I'm presumably also using the NoCloud datasource.

Can anyone help me figure out what I'm doing wrong?

Score:1
th flag

Is that only a snippet of your user data? If not, you also need the #cloud-config header and users:. Something like this should work:

#cloud-config
users:
  - name: pi
    groups: [sudo]
    sudo: ALL=(ALL) NOPASSWD:ALL
    ssh_import_id:
      - gh:torvalds
    lock_passwd: true

I just tested and found the key in /home/pi/.ssh/authorized_keys. You're sure the github user you're trying to import has keys located at https://github.com/settings/keys?

/var/log/cloud-init.log contains:

2021-08-09 13:56:24,302 - helpers.py[DEBUG]: Running config-ssh-import-id using lock (<FileLock using file '/var/lib/cloud/instances/me/sem/config_ssh_import_id'>)
2021-08-09 13:56:24,302 - cc_ssh_import_id.py[DEBUG]: Importing SSH ids for user pi.
2021-08-09 13:56:24,302 - subp.py[DEBUG]: Running command ['sudo', '-Hu', 'pi', 'ssh-import-id', 'gh:torvalds'] with allowed return codes [0] (shell=False, capture=False)
Score:0
jo flag

Try to:

users:
  - name: pi
    ssh_authorized_keys:
      - ssh-rsa <your key here>

That should put your key in the .ssh/authorized_keys file of the pi user

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.