I previously published a way to add an SSH Key to a CoreOS Droplet. It is quite complicated. However, I neglected to realize that after CoreOS is up and running, I can just add entries in ~/.ssh/authorized_keys. Doh.

1. ssh core@your_coreos_machine
2. scp you@your_ssh_client cat ~/.ssh/id_rsa.pub >> .ssh/authorized_keys

All done. Well, almost. This is a temporary measure. The authorized_keys file is overwritten by the contents of the ssh_keys section of cloud-config.yaml, which has been squirreled away during the install. It cannot be changed.

However, it is possible to use a "config drive" to add authorized_keys to CoreOS. The clues are posted here:


and here:


Here's a useful script to generate the .iso file:


echo "#cloud-config"
echo "ssh_authorized_keys:"
echo "  - $(cat ~/.ssh/id_rsa.pub)"
echo "  - $(cat small_id_rsa.pub)"
echo "  - $(cat localhost_id_rsa.pub)"
) > user_data

mkdir -p /tmp/new-drive/openstack/latest
cp user_data /tmp/new-drive/openstack/latest/user_data
#mkisofs -R -V config-2 -o configdrive.iso /tmp/new-drive
hdiutil makehybrid -iso -joliet -default-volume-name config-2 -o configdrive.iso /tmp/new-drive
rm -r /tmp/new-drive

To add an SSH Key you must:

  1. remove .ssh/authorized_keys.d/coreos-cloudinit
  2. stop the VM
  3. make a new configdrive.iso with the new keys in it
  4. start the VM