How to use ssh_import_id with cloud-init on Raspberry Pi 4 /w Ubuntu 20.04 Server?

server raspberrypi cloud-init

I'm looking to automatically setup up my SSH keys on a fresh Ubuntu Server 20.04 install on a Raspberry Pi 4 - mostly as a learning exercise. I'm trying to use the ssh_import_id option of cloud-init to pull my SSH public key from my GitHub account and add it to ~/.ssh/authorized_keys for the pi user.

I cannot seem to get the ssh_import_id config to kick in. The ~/.ssh directory is never made for the pi user, and there are no logs relating to anything to do with pulling a key from GitHub/ssh_import_id in /var/logs/cloud-init.log or /var/log/cloud-init-output.log.

The current contents of my user-dataon the root of the SD card:

  - name: pi
    groups: [sudo]
    sudo: ALL=(ALL) NOPASSWD:ALL
    ssh_import_id: # import public key from github
      - gh:my_cool_github_account
    lock_passwd: true # disable password login

Everything works fine if I input the public key manually using ssh_authorized_keys, which will suit my workflow but I'm hoping to get the GitHub thing setup as it's snazzy.

My understanding of cloud-init is definitely a little basic, so I may have missed something. I'm triggering changes by running cloud-init clean and then cloud-init init, which feels like it's running fine as it's remaking users/general bits/the root ssh keys and fingerprint.

I'm presumably also using the NoCloud datasource.

Can anyone help me figure out what I'm doing wrong?


Is that only a snippet of your user data? If not, you also need the #cloud-config header and users:. Something like this should work:

#cloud-config
users:
  - name: pi
    groups: [sudo]
    sudo: ALL=(ALL) NOPASSWD:ALL
    ssh_import_id:
      - gh:torvalds
    lock_passwd: true

I just tested and found the key in /home/pi/.ssh/authorized_keys. You're sure the github user you're trying to import has keys located at https://github.com/settings/keys?

/var/log/cloud-init.log contains:

2021-08-09 13:56:24,302 - helpers.py[DEBUG]: Running config-ssh-import-id using lock (<FileLock using file '/var/lib/cloud/instances/me/sem/config_ssh_import_id'>)
2021-08-09 13:56:24,302 - cc_ssh_import_id.py[DEBUG]: Importing SSH ids for user pi.
2021-08-09 13:56:24,302 - subp.py[DEBUG]: Running command ['sudo', '-Hu', 'pi', 'ssh-import-id', 'gh:torvalds'] with allowed return codes [0] (shell=False, capture=False)

Related

How to hide dash to dock in app grid?
Getting a failed to fetch when running apt-get update with bintray
How to install Ubuntu on a spanned volume
File manager doesn't display fonts when I try to add image to playlist in Spotify. What can I do with this? [duplicate]
Migrated Ubuntu and EFI partition to ssd from hdd (dualboot Windows 7 + Ubuntu). Now I can't boot Windows [duplicate]
Ubuntu 21.04 any screen recorders not working. Showing black screen only!
ubuntu 20.04 cronjob at restart not working
enable AMDGPU for R9 270x on 20.04
where can i download onivim
With Snap and Apt both existing, how do I backup all my apps so that I can restore it on a new machine
Ubuntu Touch On Pixel 3a: Re-locking bootloader?
Cannot Install Ubuntu - no option to install Ubuntu alongside Windows