Modifying the Keypair of a VM

You can replace the keypair assigned to a virtual machine (VM).

When you modify a keypair with Cockpit or the APIs, the metadata of the VM is modified to reflect the new public key, but the replacement is still not effective in the operating system of the VM. To complete the replacement and effectively apply the new keypair, you need to perform other actions inside the VM.

Modify the VM Metadata

To modify the keypair reported by the metadata of the VM, use the UpdateVm API method.

For more information, see Modifying a VM Attribute.

Apply the New Keypair

Applying the New Keypair Using scripts-per-boot

This method relies on the scripts-per-boot mechanism of cloud-init, in order to execute a script at each reboot of the VM.

  1. Access the VM. For more information, see Accessing Your VMs.

  2. Create a file in /var/lib/cloud/scripts/per-boot/, named for example update-keypair.sh, with the following content:

    update-keypair.sh
    #!/bin/bash
curl http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key/ > /home/outscale/.ssh/authorized_keys

  3. Make the file executable:

    $ sudo chmod +x /var/lib/cloud/scripts/per-boot/update-keypair.sh

  4. Reboot the VM. For more information, see Rebooting VMs.
    The new keypair is applied.

Applying the New Keypair Using cloud_init_modules

This method relies on the cloud_init_modules mechanism of cloud-init, in order to reconfigure SSH at each reboot of the VM.

This method regenerates the SSH signature of the VM, therefore changing its fingerprint. This leads to a warning when you later re-access the VM.

  1. Access the VM. For more information, see Accessing Your VMs.

  2. In the file /etc/cloud/cloud.cfg, replace the entry - ssh under cloud_init_modules: with:

    - [ssh, always]

  3. Reboot the VM. For more information, see Rebooting VMs.
    The new keypair is applied.

Related Pages

Corresponding API Methods

Export to PDF