Push ssh public key to lxc container

aapjeisbaas
Last updated on 2017-09-26 2 min read

LXC is by far my favorite virtualization software for the desktop. I can spin up a base image to test something within seconds.

After starting there is one thing I’ll always do: setup SSH key login, then it feels like any other machine to manage.

Lets go trough the steps.

Setup a test machine

svanbroekhoven@PC-stein:~$ lxc image list
+-------+--------------+--------+-------------------------------------------+--------+----------+------------------------------+
| ALIAS | FINGERPRINT  | PUBLIC |                DESCRIPTION                |  ARCH  |   SIZE   |         UPLOAD DATE          |
+-------+--------------+--------+-------------------------------------------+--------+----------+------------------------------+
|       | 70223d3f415c | no     | ubuntu 16.04 LTS amd64 (daily) (20170317) | x86_64 | 145.34MB | Mar 18, 2017 at 4:44am (UTC) |
+-------+--------------+--------+-------------------------------------------+--------+----------+------------------------------+
svanbroekhoven@PC-stein:~$ lxc launch ubuntu:16.04 nginx-test
Creating nginx-test
Starting nginx-test          
svanbroekhoven@PC-stein:~$ lxc list
+----------------+---------+----------------------+-----------------------------------------------+------------+-----------+
|      NAME      |  STATE  |         IPV4         |                     IPV6                      |    TYPE    | SNAPSHOTS |
+----------------+---------+----------------------+-----------------------------------------------+------------+-----------+
|   nginx-test   | RUNNING | 10.87.183.245 (eth0) | fd99:3066:2539:9f7d:216:3eff:feef:cefd (eth0) | PERSISTENT | 0         |
+----------------+---------+----------------------+-----------------------------------------------+------------+-----------+

Transfer SSH public key

Now we have a machine running and are ready to push our SSH key into the container.

# Transfer the public key
svanbroekhoven@PC-stein:~$ lxc file push ~/.ssh/id_rsa.pub nginx-test/root/.ssh/authorized_keys  

# Open up a bash shell (ip from the lxc list)
svanbroekhoven@PC-stein:~$ lxc exec nginx-test bash
root@nginx-test:~# ll
total 20
drwx------  3 root root 4096 Mar 20 08:37 ./
drwxr-xr-x 22 root root 4096 Mar  8 02:20 ../
-rw-r--r--  1 root root 3106 Oct 22  2015 .bashrc
-rw-r--r--  1 root root  148 Aug 17  2015 .profile
drwx------  2 root root 4096 Mar 20 08:37 .ssh/

# Edit the file permissions
root@nginx-test:~# chmod 600 /root/.ssh/authorized_keys && sudo chown root: /root/.ssh/authorized_keys
root@nginx-test:~# exit

# Test the connection
svanbroekhoven@PC-stein:~$ ssh root@10.87.183.245
The authenticity of host '10.87.183.245 (10.87.183.245)' can't be established.
ECDSA key fingerprint is SHA256:LA31gxLK9zhA7qMaGwpNNKXcYb+9eht5FPvNwRUM/cE.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.87.183.245' (ECDSA) to the list of known hosts.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

root@nginx-test:~# logout
Connection to 10.87.183.245 closed.
svanbroekhoven@PC-stein:~$
ssh
Cloud & Open-Source magician 🧙‍♂️

I try to find the KISS in complex systems and share it with the world.

comments powered by Disqus