Modifying the Keypair of an Instance

You can replace the keypair assigned to an instance.

When you modify a keypair with Cockpit or the APIs, the metadata of the instance is modified to reflect the new public key, but the replacement is still not effective in the operating system of the instance. To complete the replacement and effectively apply the new keypair, you need to perform other actions inside the instance.

Modify the Instance Metadata

Modifying the Instance Metadata Using Cockpit v1

To modify the keypair reported by the metadata of the instance, use the MODIFY INSTANCE ATTRIBUTES dialog box.

For more information, see Modifying an Instance Attribute.

Modifying the VM Metadata Using OSC CLI

See the UpdateVm command sample in the documentation of the OUTSCALE API.

Apply the New Keypair

Applying the New Keypair Using scripts-per-boot

This method relies on the scripts-per-boot mechanism of cloud-init, in order to execute a script at each reboot of the instance.

  1. Access the instance. For more information, see Accessing Your Instances.

  2. Create a file in /var/lib/cloud/scripts/per-boot/, named for example update-keypair.sh, with the following content:

    update-keypair.sh
    #!/bin/bash
    curl http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key/ > /home/outscale/.ssh/authorized_keys
  3. Make the file executable:

    $ sudo chmod +x /var/lib/cloud/scripts/per-boot/update-keypair.sh
  4. Reboot the instance. For more information, see Rebooting Instances.
    The new keypair is applied.

Applying the New Keypair Using cloud_init_modules

This method relies on the cloud_init_modules mechanism of cloud-init, in order to reconfigure SSH at each reboot of the instance.

This method regenerates the SSH signature of the instance, therefore changing its fingerprint. This leads to a warning when you later re-access the instance.

  1. Access the instance. For more information, see Accessing Your Instances.

  2. In the file /etc/cloud/cloud.cfg, replace the entry - ssh under cloud_init_modules: with:

    - [ssh, always]
  3. Reboot the instance. For more information, see Rebooting Instances.
    The new keypair is applied.

Related Pages

Corresponding API Methods