You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Jeroen Keerl <je...@keerl-it.com> on 2016/09/18 20:07:20 UTC

create templates that support SSH keys - CentOS6 bug

Hi,

I've been spending some time with 4.9 and its documentation online now, and
I've come across a few glitches or missing information.
	
One of the most unnerving things I found out is a bug in CentOS 6, which
cost me a lot of time:
When trying to create a template with CentOS 6.8 with SSH authentication, my
instances kept asking me for the root password, even after manually
providing the ssh key files etc.

After a bit of research, I found a website (
http://www.firedaemon.com/blog/passwordless-root-ssh-public-key-authenticati
on-on-centos-6 ) where a workaround was provided:
Issuing a 'restorecon -R -v /root/.ssh' on the instance from which you're
about to make a template (See Doc "Working with Virtual Machines" ) will
restore the security contexts for the files in the .ssh folder
*Note: This issue will only occur, if selinux is still set to enforcing

Apart from that:
On the site "Working with virtual machines", it is still noted, that you
cannot create instances from templates with the SSH authentication enabled.

I'm not sure, if I just got lucky, or if this is amiss, but I can actually
deploy new VMs from the template with SSH auth enabled.

So, here's what I did (I'll leave out the numerous trials and errors for
you... )

1) Create a new VM from ISO
2) Prepared it as written in the documentation  "Creating an Instance
Template that Supports SSH Keys" and shutdown the VM, then created the
template
(and issued 'restorecon -R -v /root/.ssh' as well, for CentOS)
3) Created a new SSH key pair in the web GUI under "User Accounts -SSH Key
Pairs" and copied the private key (which is only shown directly after
creation. Do not refresh here, before you copied the private key in notepad
etc.)
4) Created a new file, named exactly as the key pair is named in the GUI (!)
under /root/.ssh and changed rights after that with chmod 600
5) created a new instance in the web GUI with the newly created keypair and
template

New instance is created and I can login to it with ssh -i ~/.ssh/%keyname%
%ipaddress%







JeroenKeerl


Keerl IT Services GmbH
Birkenstraße 1b. 21521 Aumühle

+49 177 6320 317

www.keerl-it.com
info@keerl-it.com

Geschäftsführer. Jacobus J. Keerl
Registergericht Lubeck. HRB-Nr. 14511

Unsere Allgemeine Geschäftsbedingungen finden Siehier.