Modifying the Keypair of a VM

You can replace the keypair assigned to a virtual machine (VM).

When you modify a keypair with Cockpit or the APIs, the metadata of the VM is updated to reflect the new public key, but the replacement does not yet take effect in the operating system of the VM. To complete the replacement and apply the new keypair, you need to perform additional actions inside the VM.

Modify the VM Metadata

Modifying the VM Metadata Using OSC CLI

To modify the keypair reported by the metadata of the instance, use the UpdateVm command.

For more information, see Modifying a VM Attribute.

Apply the New Keypair

Applying the New Keypair Using scripts-per-boot

This method relies on the scripts-per-boot mechanism of cloud-init to execute a script at each reboot of the instance.

  1. Access the instance. For more information, see Accessing Your VMs.

  2. Create a file in /var/lib/cloud/scripts/per-boot/, named for example update-keypair.sh, with the following content:

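    #!/bin/bash
    # Download to a temporary file first, so that a failed request does not empty authorized_keys.
    tmp=$(mktemp) && curl -fsS http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key/ -o "$tmp" \
      && cat "$tmp" > /home/outscale/.ssh/authorized_keys
    rm -f "$tmp"
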
  3. Make the file executable:

    $ sudo chmod +x /var/lib/cloud/scripts/per-boot/update-keypair.sh

  4. Reboot the instance. For more information, see Rebooting VMs.
    The new keypair is applied.
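
A more defensive variant of the script from step 2, as an added example that is not part of the original documentation: it leaves authorized_keys untouched when the metadata request fails or returns something that is not an OpenSSH public key. The function names and the key-type pattern are assumptions of this example; the URL and file path are the ones used above.

```bash
#!/bin/bash
# Added example (not from the original page): validated per-boot key update.
set -u

KEY_URL="http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key/"
AUTH_KEYS="/home/outscale/.ssh/authorized_keys"

# Assumed pattern: "<key type> <base64 blob> [comment]" for common OpenSSH key types.
KEY_RE='^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com) [A-Za-z0-9+/]+={0,2}( .*)?$'

# Succeed only if file $1 has at least one key line and no other non-blank line
# (rejects empty responses, HTML error pages, truncated bodies).
valid_pubkeys() {
    grep -Eq "$KEY_RE" "$1" || return 1
    ! grep -Ev "$KEY_RE" "$1" | grep -q '[^[:space:]]'
}

# Copy candidate file $1 over target $2 only after validation.
install_keys() {
    valid_pubkeys "$1" || { echo "refusing to install $1: not a public key" >&2; return 1; }
    cat "$1" > "$2"    # a redirect keeps the owner and mode of an existing target
}

# Fetch the key from the metadata service into a temporary file, then install it.
update_keypair() {
    tmp=$(mktemp) || return 1
    rc=0
    if curl -fsS --max-time 10 -o "$tmp" "$KEY_URL"; then
        install_keys "$tmp" "$AUTH_KEYS" || rc=1
    else
        echo "metadata request failed; $AUTH_KEYS left unchanged" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Run only on a VM where the account's .ssh directory exists.
if [ -d "$(dirname "$AUTH_KEYS")" ]; then update_keypair; fi
```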

Applying the New Keypair Using cloud_init_modules

This method relies on the cloud_init_modules mechanism of cloud-init to reconfigure SSH at each reboot of the instance.

This method regenerates the SSH host keys of the instance and therefore changes its fingerprint. As a result, a warning appears the next time you access the instance.

  1. Access the instance. For more information, see Accessing Your VMs.

  2. In the file /etc/cloud/cloud.cfg, replace the entry - ssh under cloud_init_modules: with:

    - [ssh, always]

  3. Reboot the instance. For more information, see Rebooting VMs.
    The new keypair is applied.
