#cloud-config
# (cloud-init only parses this file as cloud-config when the line above comes first)
# This config was written for Ubuntu 22.04
# If you are using a more recent version, see the comments of this gist for fixes
users:
  - name: cj
    ssh_authorized_keys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBlfqermlV44zAU+iTCa5im5O0QWXid6sHqh2Z4L1Cm cj@null.computer"
    sudo: ALL=(ALL:ALL) ALL
    groups: sudo
    shell: /bin/bash
chpasswd:
  expire: true
  users:
    - name: cj
      password: changeme
      type: text
runcmd:
  - sed -i '/PermitRootLogin/d' /etc/ssh/sshd_config
  - echo "PermitRootLogin without-password" >> /etc/ssh/sshd_config
  - sed -i '/PubkeyAuthentication/d' /etc/ssh/sshd_config
  - echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
  - sed -i '/PasswordAuthentication/d' /etc/ssh/sshd_config
  - echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
  - systemctl restart sshd
  - echo "\$nrconf{kernelhints} = -1;" > /etc/needrestart/conf.d/99disable-prompt.conf
  - apt update
  - apt upgrade -y --allow-downgrades --allow-remove-essential --allow-change-held-packages
  - reboot
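Why an appended setting can fail to take effect, as an added example that is not part of the gist: sshd uses the first value it reads for each keyword and expands Include lines in place, so a value appended to the end of sshd_config loses to an earlier one from an included drop-in. The sample tree, the drop-in file names and the helper functions are constructed for illustration and assume an Include line at the top of sshd_config.

```shell
# Added example. effective_value ROOT keyword(lowercase) [FILE] prints the value
# sshd would use: first match wins, Include files are read where they appear.
# ROOT stands in for "/" so this runs on sample files, not the live system.
effective_value() {
    local root="$1" want="$2" file="${3:-/etc/ssh/sshd_config}" key value rest f hit
    while read -r key value rest; do
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        case "$key" in
            match) break ;;                    # only the global section is read
            include)                           # first pattern on the line only
                case "$value" in /*) ;; *) value="/etc/ssh/$value" ;; esac
                for f in "$root"$value; do     # glob expands in lexical order
                    [ -f "$f" ] || continue
                    hit=$(effective_value "$root" "$want" "${f#"$root"}") || continue
                    printf '%s\n' "$hit"; return 0
                done ;;
            "$want") printf '%s\n' "$value"; return 0 ;;
        esac
    done < "$root$file"
    return 1
}

# Constructed sample tree (assumption): Include at the top of sshd_config and a
# drop-in that turns passwords on. File names are illustrative.
make_sample_tree() {
    local root; root=$(mktemp -d)
    mkdir -p "$root/etc/ssh/sshd_config.d"
    printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' '#PasswordAuthentication yes' \
        > "$root/etc/ssh/sshd_config"
    echo 'PasswordAuthentication yes' > "$root/etc/ssh/sshd_config.d/50-cloud-init.conf"
    echo "$root"
}
# The runcmd edit from the config above: delete the keyword, append the new value.
apply_runcmd_edit() {
    sed '/PasswordAuthentication/d' "$1/etc/ssh/sshd_config" > "$1/sshd_config.new"
    mv "$1/sshd_config.new" "$1/etc/ssh/sshd_config"
    echo 'PasswordAuthentication no' >> "$1/etc/ssh/sshd_config"
}
# Alternative: a drop-in whose name sorts first, so sshd reads it first.
add_early_dropin() {
    echo 'PasswordAuthentication no' > "$1/etc/ssh/sshd_config.d/00-hardening.conf"
}

demo=$(make_sample_tree)
apply_runcmd_edit "$demo"
echo "appended to sshd_config: $(effective_value "$demo" passwordauthentication)"
add_early_dropin "$demo"
echo "early drop-in added:     $(effective_value "$demo" passwordauthentication)"
rm -rf "$demo"
```

On a live host, `sshd -T` prints the effective configuration and gives the same answer without any parsing.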
The server kept asking me for my password. @adrnd's solution worked for me.
If I restart the server, I get
root@[xxx.xxxx.xxx.xxx]: Permission denied (publickey).
Did you set the permissions right?
chmod -R 644 ~/.ssh/your_key.pub
chmod -R 600 ~/.ssh/authorized_keys
An alternative to @adrnd's solution would be to create an ssh config entry like the following:
Host my_awesome_server
    HostName xxx.xxx.xxx.xxx
    User <YOUR_USER_NAME_SPECIFIED_IN_CLOUD_CONFIG>
    Port 22
    IdentityFile ~/.ssh/<PRIVATE_KEY_FILE>
And then run ssh my_awesome_server. This should enforce a user login on the given IP to use your public/private key for authentication. Make sure to also follow @swrrvr's suggestion to add systemctl restart ssh || systemctl restart sshd to the cloud config in line 22.
Here's an updated version for Ubuntu 24.04: https://gist.github.com/dziamid/0de2761e0ecc4b3e68e2461c60f82930
I am struggling with getting a new public key stored in known_hosts locally when trying to run ssh root@{ip-adress} rather than the public key I set in the cloud.init script. Using @dziamid's new file for Ubuntu 24.04, also added the systemctl restart ssh || systemctl restart sshd, does anyone know why this happens?
I also left out one small (huge) detail. On line 21 of cloud-init.yml, I also happened to have changed "PasswordAuthentication no" to "PasswordAuthentication yes". Thus, conveniently disabling PasswordAuthentication, enabling access to the server (my mistake).
One could simply pipe echo "PasswordAuthentication no" >> /etc/ssh/sshd_config back into the session once connected, then wait for the system to reboot and then ssh back in. (Unless you plan on adding a new server through Coolify, I'd highly recommend doing that well after your new server is configured.) I'm also testing @adrnd's method to ssh into the session using ssh -o "IdentitiesOnly=yes" -i ~/.ssh/id_ed25519 root@serveripaddress, will follow up here.