Juju Docs - SSH key requirements
Andrew Wilkins
andrew.wilkins at canonical.com
Wed Feb 5 05:30:12 UTC 2014
Back to the original discussion.

We should document some new information/requirements around SSH keys,
particularly when it comes to bootstrapping. Bootstrap now requires you to
be able to ssh to the bootstrapped machine. The machine's
~/.ssh/authorized_keys file is initialised depending on how you configure
authorized-keys/authorized-keys-path in your environment config.

When you first use the Juju CLI, it will create a new directory
~/.juju/ssh. In this directory, a new keypair is generated. When you
bootstrap an environment, _if you do not specify authorized-keys_, the
auto-generated public key will be implicitly added to the environment's
authorized-keys along with the defaults (~/.ssh/id_rsa.pub, etc.)

If you specify authorized-keys, then the auto-generated public key will
*not* be added. If you specify authorized-keys, you must ensure that your
corresponding private key(s) will be picked up by a call to "ssh" when
connecting to a machine in the cloud environment, or bootstrap will fail.
There are several ways to get ssh to pick it up:

* specify the identity (private key) file in your ~/.ssh/config
* copy/symlink the identity file into ~/.juju/ssh; all private keys in
  this directory will be attempted
* add the identity file to your ssh-agent (ssh-add <identity-file>).

After an environment is bootstrapped, you can now use the "juju
authorised-keys" commands to manage authorised keys across all machines in
the environment.

Cheers,
Andrew

On Fri, Jan 31, 2014 at 1:58 PM, Andrew Wilkins <
andrew.wilkins at canonical.com> wrote:
> Hi Nick,
>
> https://juju.ubuntu.com/docs/getting-started.html
>
> On the Intro/Getting Started page for Juju, we say that you *need* to
> generate an SSH key pair. This is no longer true in 1.17.x: Juju will
> generate one for you. Juju will continue to upload the default public keys
> from ~/.ssh, but they are no longer absolutely required.
>
> I'm not sure if we should reword the docs or not, but thought I should at
> least bring this to your attention. CC'ing the dev list in case someone
> has an opinion.
>
> Cheers,
> Andrew
>
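
A pre-bootstrap check for the requirement described in the message above (a private key matching your authorized-keys must be reachable by ssh), as an added example that is not part of the original thread and not Juju's own code. The function names are hypothetical; it assumes OpenSSH's `ssh-keygen -y` and `ssh-add -L`, checks ~/.juju/ssh and ssh-agent only, and does not inspect ~/.ssh/config.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Juju commands.

# Print the base64 key blob of each key read from stdin in
# authorized_keys/.pub format (skips comments, blank lines, leading options).
key_blob() {
  awk '!/^[ \t]*(#|$)/ {
    for (i = 1; i < NF; i++)
      if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $(i + 1); break }
  }'
}

# Blobs for every private key in a directory that loads without a passphrase.
# Passphrase-protected keys are skipped; they count only if the agent holds them.
dir_blobs() {
  for f in "$1"/*; do
    case "$f" in *.pub) continue ;; esac
    [ -f "$f" ] || continue
    ssh-keygen -y -P '' -f "$f" 2>/dev/null </dev/null | key_blob
  done
}

# Blobs for identities currently loaded in ssh-agent (empty if none or no agent).
agent_blobs() {
  ssh-add -L 2>/dev/null | key_blob
}

# check_authorized_keys FILE [DIR]
# Succeeds if at least one public key in FILE has its private half in DIR
# (default ~/.juju/ssh) or in ssh-agent.
check_authorized_keys() {
  auth_file=$1
  juju_dir=${2:-$HOME/.juju/ssh}
  usable=$( { dir_blobs "$juju_dir"; agent_blobs; } | sort -u )
  n=0 status=1
  for blob in $(key_blob < "$auth_file"); do
    n=$((n + 1))
    if printf '%s\n' "$usable" | grep -qxF -e "$blob"; then
      echo "key $n: private key available"
      status=0
    else
      echo "key $n: no matching private key in $juju_dir or ssh-agent"
    fi
  done
  return "$status"
}
```

Call it as `check_authorized_keys <authorized-keys-file>` before bootstrapping; a non-zero exit means none of the listed public keys has a private half in either location.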