Set ssh authorized_key without cloud-config? [Raspberry Pi image]

According to the official instructions for installing RancherOS on the RPi, it does not use cloud-config. I cannot find any info on setting the SSH authorized_keys without using a cloud-config file. Anyone know how to do this? I’d like to not be stuck using the default password.

A cloud-config file can’t be used on first boot since there’s no method to inject one like there is in other platforms. You can still add an SSH key with ros config set or ros config merge (https://docs.rancher.com/os/configuration/).

I tried that, but it seems I was not using the appropriate key. Not sure where I can get a list of all possible settings that ros config will recognize.

However, it seems I may have been overthinking it, since manually creating the ~/.ssh/authorized_keys file seems to have done the trick.

so @joshwget could you give a bit of direction on what the merge command would look like?

I tried all manner of:

sudo ros config merge rancher.ssh.keys.rsa(rsa-pub etc.) “ssh-rsa AAA…”

waited 30 mins in one instance until I quit the process as it seemed it was looking for further input from me.

I ended up doing as @dankeller did and also set the rancher login pass to return key to disable the plain rancher ssh login
my gist for rPi-Rancher ssh keys

Thanks for any guidance
d

I’ve been able to set a ssh key with this command:

sudo ros config set ssh_authorized_keys ['ssh-rsa XXXX']
and then rebooting.

However I’ve not figure out how to disable the default rancher password on the rancher user. I can still login with that over ssh :frowning:.

@stefanfoulis

$ mkdir -p /boot
$ mount /dev/mmcblk0p1 /boot
$ vi /boot/cmdline.txt
#uncomment rancher.password=rancher
$ vi /etc/shadow
#change /etc/shadow rancher user to '!' e.g. rancher:!:17938:0:99999:7:::
$ reboot
1 Like