Push ssh public key to lxc container
LXC is by far my favorite virtualization software for the desktop. I can spin up a base image to test something within seconds.
After starting there is one thing I’ll always do: setup SSH key login, then it feels like any other machine to manage.
Lets go trough the steps.
Setup a test machine
svanbroekhoven@PC-stein:~$ lxc image list
+-------+--------------+--------+-------------------------------------------+--------+----------+------------------------------+
| ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCH | SIZE | UPLOAD DATE |
+-------+--------------+--------+-------------------------------------------+--------+----------+------------------------------+
| | 70223d3f415c | no | ubuntu 16.04 LTS amd64 (daily) (20170317) | x86_64 | 145.34MB | Mar 18, 2017 at 4:44am (UTC) |
+-------+--------------+--------+-------------------------------------------+--------+----------+------------------------------+
svanbroekhoven@PC-stein:~$ lxc launch ubuntu:16.04 nginx-test
Creating nginx-test
Starting nginx-test
svanbroekhoven@PC-stein:~$ lxc list
+----------------+---------+----------------------+-----------------------------------------------+------------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+----------------+---------+----------------------+-----------------------------------------------+------------+-----------+
| nginx-test | RUNNING | 10.87.183.245 (eth0) | fd99:3066:2539:9f7d:216:3eff:feef:cefd (eth0) | PERSISTENT | 0 |
+----------------+---------+----------------------+-----------------------------------------------+------------+-----------+
Transfer SSH public key
Now we have a machine running and are ready to push our SSH key into the container.
# Transfer the public key
svanbroekhoven@PC-stein:~$ lxc file push ~/.ssh/id_rsa.pub nginx-test/root/.ssh/authorized_keys
# Open up a bash shell (ip from the lxc list)
svanbroekhoven@PC-stein:~$ lxc exec nginx-test bash
root@nginx-test:~# ll
total 20
drwx------ 3 root root 4096 Mar 20 08:37 ./
drwxr-xr-x 22 root root 4096 Mar 8 02:20 ../
-rw-r--r-- 1 root root 3106 Oct 22 2015 .bashrc
-rw-r--r-- 1 root root 148 Aug 17 2015 .profile
drwx------ 2 root root 4096 Mar 20 08:37 .ssh/
# Edit the file permissions
root@nginx-test:~# chmod 600 /root/.ssh/authorized_keys && sudo chown root: /root/.ssh/authorized_keys
root@nginx-test:~# exit
# Test the connection
svanbroekhoven@PC-stein:~$ ssh root@10.87.183.245
The authenticity of host '10.87.183.245 (10.87.183.245)' can't be established.
ECDSA key fingerprint is SHA256:LA31gxLK9zhA7qMaGwpNNKXcYb+9eht5FPvNwRUM/cE.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.87.183.245' (ECDSA) to the list of known hosts.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
root@nginx-test:~# logout
Connection to 10.87.183.245 closed.
svanbroekhoven@PC-stein:~$