I previously published a way to add an SSH Key to a CoreOS Droplet. It is quite complicated. However, I neglected to realize that after CoreOS is up and running, I can just add entries in ~/.ssh/authorized_keys. Doh.
1. ssh core@your_coreos_machine
2. scp you@your_ssh_client cat ~/.ssh/id_rsa.pub >> .ssh/authorized_keys
All done. Well, almost. This is a temporary measure. The authorized_keys file is overwritten by the contents of the ssh_keys section of cloud-config.yaml, which has been squirreled away during the install. It cannot be changed.
However, it is possible to use a "config drive" to add authorized_keys to CoreOS. The clues are posted here:
https://coreos.com/os/docs/latest/cloud-config.html
and here:
https://coreos.com/os/docs/1423.0.0/config-drive.html
Here's a useful script to generate the .iso file:
#!/bin/bash
(
echo "#cloud-config"
echo "ssh_authorized_keys:"
echo " - $(cat ~/.ssh/id_rsa.pub)"
echo " - $(cat small_id_rsa.pub)"
echo " - $(cat localhost_id_rsa.pub)"
) > user_data
mkdir -p /tmp/new-drive/openstack/latest
cp user_data /tmp/new-drive/openstack/latest/user_data
#mkisofs -R -V config-2 -o configdrive.iso /tmp/new-drive
hdiutil makehybrid -iso -joliet -default-volume-name config-2 -o configdrive.iso /tmp/new-drive
rm -r /tmp/new-drive
Note:
To add an SSH Key you must:
- remove .ssh/authorized_keys.d/coreos-cloudinit
- stop the VM
- make a new configdrive.iso with the new keys in it
- start the VM