Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Script for setting an encrypted password on boot
#!/usr/bin/env bash
if ! curl -s -f > $SSH_KEYFILE; then
echo "Failed to get key"
PASSWORD=`openssl rand -base64 48 | tr -d '/+' | cut -c1-16`
sudo usermod ubuntu -p `openssl passwd -1 $PASSWORD`
ssh-keygen -e -f $SSH_KEYFILE -m PKCS8 > $SSL_KEYFILE
ENCRYPTED=`echo "$PASSWORD" | openssl rsautl -encrypt -pubin -inkey $SSL_KEYFILE -keyform PEM | openssl base64 -e -A`
echo $'\n'"ENCRYPTED_PASSWORD:$ENCRYPTED" | sudo tee /dev/console
curl -X POST -d $ENCRYPTED || true
# get the script
# curl -sOL
# add keypair
# nova add-key --pub-key .ssh/ mykey
# boot instance
# nova boot --flavor <flavor-id> --image <image-uuid> --key-name mykey --user-data test
# Get the password on the client side:
# nova get-password test .ssh/id_rsa
# Or with an older nova install:
# nova console-log test | grep 'ENCRYPTED_PASSWORD' | cut -d':' -f2 | tail -n 1 | openssl base64 -d -A | openssl rsautl -decrypt -inkey .ssh/id_rsa
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.