cj-cloud-init.yml
#cloud-config
# The "#cloud-config" header must be the first line, or cloud-init does not treat the file as cloud-config.
# This config was written for Ubuntu 22.04
# If you are using a more recent version, see the comments of this gist for fixes
users:
  - name: cj
    ssh_authorized_keys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBlfqermlV44zAU+iTCa5im5O0QWXid6sHqh2Z4L1Cm [email protected]"
    sudo: ALL=(ALL:ALL) ALL
    groups: sudo
    shell: /bin/bash
chpasswd:
  expire: true  # force a password change at first login
  users:
    - name: cj
      password: changeme
      type: text
runcmd:
  # Drop any existing directive, then append the wanted value
  - sed -i '/PermitRootLogin/d' /etc/ssh/sshd_config
  - echo "PermitRootLogin without-password" >> /etc/ssh/sshd_config
  - sed -i '/PubkeyAuthentication/d' /etc/ssh/sshd_config
  - echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
  - sed -i '/PasswordAuthentication/d' /etc/ssh/sshd_config
  - echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
  - systemctl restart sshd
  # Keep needrestart from prompting during the unattended upgrade
  - echo "\$nrconf{kernelhints} = -1;" > /etc/needrestart/conf.d/99disable-prompt.conf
  - apt update
  - apt upgrade -y --allow-downgrades --allow-remove-essential --allow-change-held-packages
  - reboot
Facing an issue where I tried to use the cloud config. I have triple checked to see if my public keys are correct but after the server spins up, I get
ssh root@[xxx.xxx.xxx.xxx]
ssh: connect to host [xxx.xxx.xxx.xxx]: port 22: Connection refused.
I have also experienced this error. In my testing, it appears as if the issue lies with the command systemctl restart sshd, as the SSH service name varies from system to system between ssh and sshd. This can be checked using the command
sudo systemctl list-units --type=service | grep ssh
My solution is to edit line 22 in the cloud-init.yml file to
systemctl restart ssh || systemctl restart sshd
in an attempt to target both SSH service names.
If I restart the server, I get
root@[xxx.xxxx.xxx.xxx]: Permission denied (publickey).
Had the same issue as @ahamedzoha. What I did was edit line 22 as @irvdude said to " - systemctl restart ssh" because it looked like in an earlier run the service on my system wasn't called sshd. Ultimately I don't know if that has changed anything.
Because after some troubleshooting the issue was I had to start the ssh login with:
ssh -o "IdentitiesOnly=yes" -i privatekeyfilename root@serveripaddress
privatekeyfilename being the name you gave when creating the ssh key, assuming you're following the coolify guide as well.
Edit: This is also assuming you're running the ssh command in the folder where the privatekey file is located. Otherwise you might need to specify the path to it as well.
My solution is to edit line 22 in the cloud-init.yml file to
systemctl restart ssh || systemctl restart sshd
in an attempt to target both SSH service names.
Ubuntu 24.04 has removed the d alias for various systemd services (https://www.reddit.com/r/Ubuntu/comments/1cl5qiq/systemctl_restart_sshd_does_not_work_any_more_in/). Since CJ's example used 22.04, it's most likely that this is one of the reasons that, potentially, we're having some issues when spinning up new 24.04 VMs with this cloud init that was intended for 22.04 :)
My solution is to edit line 22 in the cloud-init.yml file to
systemctl restart ssh || systemctl restart sshd
in an attempt to target both SSH service names.
I also left out one small (huge) detail. On line 21 of cloud-init.yml, I also happened to have changed "PasswordAuthentication no" to "PasswordAuthentication yes".
Thus, conveniently disabling PasswordAuthentication, enabling access to the server (my mistake).
One could simply pipe echo "PasswordAuthentication no" >> /etc/ssh/sshd_config back into the session once connected, then wait for the system to reboot and then ssh back in. (Unless you are planning on adding a new server through Coolify, I'd highly recommend doing that well after your new server is configured.)
I'm also testing @adrnd's method to ssh into the session using ssh -o "IdentitiesOnly=yes" -i ~/.ssh/id_ed25519 root@serveripaddress, will follow up here.
The server kept asking me for my password. @adrnd's solution worked for me.
If I restart the server, I get
root@[xxx.xxxx.xxx.xxx]: Permission denied (publickey).
Did you set the permissions right?
chmod -R 644 ~/.ssh/your_key.pub
chmod -R 600 ~/.ssh/authorized_keys
An alternative to @adrnd's solution would be to create an ssh config entry like the following:
Host my_awesome_server
    HostName xxx.xxx.xxx.xxx
    User <YOUR_USER_NAME_SPECIFIED_IN_CLOUD_CONFIG>
    Port 22
    IdentityFile ~/.ssh/<PRIVATE_KEY_FILE>
And then run ssh my_awesome_server. This should enforce a user login on the given IP to use your public/private key for authentication. Make sure to also follow @swrrvr's suggestion to add systemctl restart ssh || systemctl restart sshd to the cloud config in line 22.
Here's an updated version for ubuntu 24.04: https://gist.github.com/dziamid/0de2761e0ecc4b3e68e2461c60f82930
I am struggling with getting a new public key stored in known_hosts locally when trying to run ssh root@{ip-adress} rather than the public key I set in cloud.init script. Using @dziamid's new file for Ubuntu 24.04, also added the systemctl restart ssh || systemctl restart sshd, does anyone know why this happens?
Here's an updated version for ubuntu 24.04: https://gist.github.com/dziamid/0de2761e0ecc4b3e68e2461c60f82930
+1
Thanks!
@dziamid I still can't get in to log in to the username I create with the password 'changeme' it says Permission denied, please try again.
Is this config sure to be correct?
Hey @dwatek , I'm facing the same issue. Did you have any luck?
@SebastianArce remember to also add #cloud-config at top of file. I thought it was just a comment, but without it the whole config didn't work
@dwatek yes, that was it. Thanks!
Can someone explain Disable needrestart prompts ? Should we enable again at the end?
Can we use -apt full-upgrade -y as - apt upgrade -y --allow-downgrades --allow-remove-essential --allow-change-held-packages seems risky?
Can someone explain Disable needrestart prompts ? Should we enable again at the end? Can we use -apt full-upgrade -y as - apt upgrade -y --allow-downgrades --allow-remove-essential --allow-change-held-packages seems risky?
disabling needrestart is perfect for the cloud-init automation, we reboot at the end anyway, so there's no need to re-enable it here
prompts would only matter for later manual updates, and you can remove this file post-setup if you want them back
as for the apt upgrade, yeah, unless cj was fixing some specific issue requiring downgrades or removals, I agree apt full-upgrade -y is a safer bet
I kept getting the error root@[xxx.xxxx.xxx.xxx]: Permission denied (publickey) error in the newest version till I found out that coolify somehow added a key (something like <key>/x coolify) to the authorized_keys key file but didn't write it to a new line, so it was appended after the already existing key. Moving the key to a new line fixed the issue for me
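A check for the failure described in the comment above, where a second key ends up on the same line as an existing one. This is an added example, not part of the gist or the thread; the function name and the sample key material are constructed placeholders.

```sh
#!/bin/sh
# Added example (not from the gist): find authorized_keys lines that hold
# more than one public key, e.g. a key appended without a leading newline.

# Prints "LINE_NUMBER KEY_COUNT" for each offending line.
# Exit status 0 = file is clean, 1 = at least one merged line was found.
find_merged_keys() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
    {
      line = $0
      # Count "<key type> <base64 blob>" starts anywhere in the line. A merged
      # key has no whitespace in front of its type, so the match is not
      # anchored on field boundaries. "&" puts the match back unchanged.
      n = gsub(/(ssh-(ed25519|rsa)|ecdsa-sha2-nistp(256|384|521))(@openssh\.com)?[ \t]+AAAA/, "&", line)
      if (n > 1) { print NR, n; bad = 1 }
    }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed sample: the second key was appended to the end of line 2.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, placeholder key material
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEY1 cj@laptopssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEY2 coolify
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEY3 backup@host
EOF

find_merged_keys "$sample" || echo "merged keys found: put each key on its own line"
```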
@SebastianArce remember to also add #cloud-config at top of file. I thought it was just a comment, but without it the whole config didn't work
Thank you x_x that is so dumb I've been struggling for a while because of that simple thing
Hm, none of the provided fixes worked for me :(
Here's a version that worked for me (it has some bigger changes compared to the original):
#cloud-config
users:
  - name: yourname
    ssh_authorized_keys:
      - "<SSH_KEY>"
    sudo: ALL=(ALL:ALL) ALL
    groups: sudo
    shell: /bin/bash
chpasswd:
  expire: true
  users:
    - name: yourname
      password: changeme
      type: text
write_files:
  - path: /etc/ssh/sshd_config.d/99-custom.conf
    content: |
      PermitRootLogin without-password
      PubkeyAuthentication yes
      PasswordAuthentication no
runcmd:
  - systemctl restart sshd
  - echo "\$nrconf{kernelhints} = -1;" > /etc/needrestart/conf.d/99disable-prompt.conf
  - apt update
  - apt upgrade -y --allow-downgrades --allow-remove-essential --allow-change-held-packages
  - reboot
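Whether a line appended to sshd_config or a 99-custom.conf drop-in takes effect depends on read order, because sshd keeps the first value it obtains for each keyword. The following is an added example, not part of the gist or the thread, that resolves the winning value offline; the function names, the ROOT parameter and the sample tree (file names and contents) are assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example, not from the gist. sshd keeps the FIRST value it obtains for
# a keyword, and Include lines are expanded in place in sorted glob order.
# ROOT (assumed parameter) lets the check run against a copied config tree.

# Emit "FILE<TAB>LINE" for every line in the order sshd reads it.
# Narrowed to one pattern per Include line and one level of Include.
flatten_sshd_config() {
  main="$1/etc/ssh/sshd_config"
  while read -r kw rest || [ -n "$kw" ]; do
    case $kw in
      [Ii][Nn][Cc][Ll][Uu][Dd][Ee])
        case $rest in /*) ;; *) rest="/etc/ssh/$rest" ;; esac
        for f in "$1"$rest; do          # $rest unquoted on purpose: glob
          [ -f "$f" ] && awk -v f="$f" '{ print f "\t" $0 }' "$f"
        done ;;
      *) printf '%s\t%s %s\n' "$main" "$kw" "$rest" ;;
    esac
  done < "$main"
}

# Print "VALUE<TAB>FILE" for a global keyword; exit 1 if it is never set.
effective_sshd_option() {   # usage: effective_sshd_option KEYWORD [ROOT]
  flatten_sshd_config "${2:-}" | awk -v want="$1" '
    found { next }                       # first value already taken
    {
      i = index($0, "\t"); file = substr($0, 1, i - 1)
      line = substr($0, i + 1); sub(/^[ \t]+/, "", line)
      split(line, w, /[ \t=]+/); kw = tolower(w[1])
      if (kw == "" || kw ~ /^#/ || skip[file]) next
      if (kw == "match") { skip[file] = 1; next }   # conditional, not global
      if (kw == tolower(want)) { print w[2] "\t" file; found = 1 }
    }
    END { exit !found }'
}

# Constructed sample tree; file names and contents are made up for the demo.
root=$(mktemp -d); mkdir -p "$root/etc/ssh/sshd_config.d"
printf 'Include /etc/ssh/sshd_config.d/*.conf\nPasswordAuthentication no\n' \
  > "$root/etc/ssh/sshd_config"
echo 'PasswordAuthentication yes' > "$root/etc/ssh/sshd_config.d/50-vendor.conf"
echo 'PasswordAuthentication no'  > "$root/etc/ssh/sshd_config.d/99-custom.conf"
effective_sshd_option PasswordAuthentication "$root"   # value from 50-vendor.conf
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check.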
I have also encountered issues with running cloud init on Hetzner Ubuntu 24.04 ARM VPS. Unfortunately, sshd was not aliased so I had to use systemctl restart ssh instead.
Here is a config that ended up working for me
#cloud-config
users:
  - name: <username>
    ssh_authorized_keys:
      - <pub_ssh_key>
    sudo: ALL=(ALL:ALL) ALL
    groups: sudo
    shell: /bin/bash
chpasswd:
  expire: true
  users:
    - name: <username>
      password: changeme
      type: text
package_update: true
package_upgrade: true
runcmd:
  - sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin without-password/' /etc/ssh/sshd_config
  - sed -i -e '/^\(#\|\)PubkeyAuthentication/s/^.*$/PubkeyAuthentication yes/' /etc/ssh/sshd_config
  - sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
  - systemctl restart ssh
  - echo "\$nrconf{kernelhints} = -1;" > /etc/needrestart/conf.d/99disable-prompt.conf
power_state:
  delay: 1
  timeout: 60
  mode: reboot
  message: Rebooting after cloud init
Facing an issue where I tried to use the cloud config. I have triple checked to see if my public keys are correct but after the server spins up, I get
ssh root@[xxx.xxx.xxx.xxx]
ssh: connect to host [xxx.xxx.xxx.xxx]: port 22: Connection refused.
If I restart the server, I get
root@[xxx.xxxx.xxx.xxx]: Permission denied (publickey).
FYI: I have attached my ssh keys during server creation