
Automatically Inject SSH Keys into your Cloud Servers Using This Simple Bash Script

You can use bash to automate many things for your cloud servers. At CloudSigma we use bash scripts with many of our library images to automate useful features.

In this post we share with you how you can use bash to import SSH keys automatically on boot-up of your cloud servers. You can achieve this by combining bash scripts with the metadata framework available with your cloud VMs.

Our Metadata Framework – An Introduction

SSH keys are included as part of the metadata framework. Metadata is passed to the API through the UI by means of JSON objects.

The API processes the information and then sends it to the serial console. The Linux/Unix distribution reads the metadata (including any SSH keys) from the serial console. In our case, this is /dev/ttyS1.

tty is an abbreviation for “Teletype”, and S1 refers to the COM2 port. Note that on Windows this port appears simply as COM2.

This is exactly the same framework we use in our library images to let customers inject SSH keys, but now you can set this up on your own systems that you upload to the cloud or create from scratch.

Bash Scripting [1]

First, a few words about bash scripting.

A bash/shell script contains a sequence of commands stored in a single file with a .sh extension. This saves time: instead of typing the same commands again and again, you only need to type the name of the script.

So now I’ll outline the bash/shell script that can be used for fetching public SSH keys automatically from the metadata of a CloudSigma cloud server on boot.

There is also an additional useful feature: the script determines which kind of SSH authentication you are using and disables the other one, i.e. password login is disabled automatically if an SSH key is injected on boot.

What this means is that the script checks if you have any associated SSH keys in the cloud server metadata and if you have, the password authentication will be disabled.

And the reverse: if you don’t have any attached SSH keys, RSA authentication will be disabled. I think this is more secure, because if you are using RSA authentication with SSH keys you don’t need password-based access, which is not as auditable or controllable.

The main goal is to make things as convenient and easy as possible, especially for new users.

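# Put the serial port into raw mode so the JSON arrives unmodified
stty -F /dev/ttyS1 raw -echo
# Make sure the .ssh directory exists before tightening its permissions
mkdir -p /home/cloudsigma/.ssh
chmod 700 /home/cloudsigma/.ssh
# Start a background read, then send "<\n\n>" (the request for the full
# server context) and wait for the reply
v=$(read READVALUE < /dev/ttyS1 && echo "$READVALUE" & sleep 2; echo -en "<\n\n>" > /dev/ttyS1; wait %1);
# Pull out the ssh_public_key value (key type, key, comment) and strip quotes and commas
s=$(echo "$v" | grep -Po '"ssh_public_key":.*?[^\\]",' | awk '/\"*\"/{ print $2, $3, $4}' | sed 's/[,"]//g');
s_trimmed="$(echo "${s}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
if [ -n "$s_trimmed" ]; then
    echo "$s_trimmed" >> /home/cloudsigma/.ssh/authorized_keys
fi
# Create the file if no key was written, so the checks below do not fail
touch /home/cloudsigma/.ssh/authorized_keys
chmod 600 /home/cloudsigma/.ssh/authorized_keys
chown -R cloudsigma:cloudsigma /home/cloudsigma

# Treat a file smaller than 10 bytes as "no key present"
if [ "$(wc -c < /home/cloudsigma/.ssh/authorized_keys)" -lt 10 ]
then
    echo "Authorized keys file is empty. Enable password authentication"
    # RSAAuthentication applies to SSH protocol 1 only; PubkeyAuthentication is the protocol 2 setting
    sed -i 's|RSAAuthentication yes|RSAAuthentication no|g' /etc/ssh/sshd_config
    sed -i 's|PubkeyAuthentication yes|PubkeyAuthentication no|g' /etc/ssh/sshd_config
else
    echo "There is content in authorized keys file. Disable password authentication"
    sed -i 's|PasswordAuthentication yes|PasswordAuthentication no|g' /etc/ssh/sshd_config
    sed -i 's|UsePAM yes|UsePAM no|g' /etc/ssh/sshd_config
fi
exit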

This is how you inject SSH keys into your cloud servers. As we can see, the script reads the value from /dev/ttyS1. If there is a key, it is appended to the authorized_keys file, which is located at ~/.ssh/authorized_keys.

In our case, the default username is cloudsigma.

Also, in the above script I’m using sed, a stream editor, to enable or disable RSA and password authentication within the sshd_config file.

We need to be sure that the following options are uncommented/present in the sshd_config file as well:

RSAAuthentication yes
PubkeyAuthentication yes
UsePAM yes
PasswordAuthentication yes
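
An added example (not part of the original post or CloudSigma's code) of two steps the script above leaves fragile: checking the metadata value before it reaches authorized_keys and appending it only once, and setting an sshd_config option whether its line is active, commented out or missing. The function names and the sample key are constructed for illustration, and the key check goes slightly beyond the script by also accepting ed25519 and ECDSA keys.

```bash
# Added example, not CloudSigma's script; function names are hypothetical.
# install_key KEY FILE: append KEY only if it is one well-formed public-key
# line. Returns 0 = added, 1 = rejected, 2 = already present.
install_key() {
    key=$1; file=$2
    nl='
'
    # Metadata is untrusted input: refuse embedded newlines and anything that
    # is not "type base64 [comment]", such as a line with a leading option.
    case $key in *"$nl"*) return 1 ;; esac
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,3}( [^ ].*)?$' \
        || return 1
    touch "$file" && chmod 600 "$file"
    grep -qxF -- "$key" "$file" && return 2   # idempotent across reboots
    printf '%s\n' "$key" >> "$file"
}

# set_sshd_option NAME yes|no FILE: rewrite active or commented-out
# "NAME yes|no" lines, or append the directive when the file has none.
set_sshd_option() {
    name=$1; value=$2; file=$3
    re="^[[:space:]]*#?[[:space:]]*${name}[[:space:]]+(yes|no)[[:space:]]*\$"
    if grep -Eq "$re" "$file"; then
        tmp=$(mktemp)
        sed -E "s/${re}/${name} ${value}/" "$file" > "$tmp" && cat "$tmp" > "$file"
        rm -f "$tmp"
    else
        printf '%s %s\n' "$name" "$value" >> "$file"
    fi
}

# Same policy as the script above: key present -> no passwords,
# no key -> no public-key login.
apply_auth_policy() {
    if [ -s "$1" ]; then
        set_sshd_option PasswordAuthentication no "$2"
    else
        set_sshd_option PubkeyAuthentication no "$2"
    fi
}

# Demo on throwaway files with a constructed (non-functional) key.
demo_dir=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication yes' 'UsePAM yes' > "$demo_dir/sshd_config"
install_key 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAConstructedSample demo@example' \
    "$demo_dir/authorized_keys"
apply_auth_policy "$demo_dir/authorized_keys" "$demo_dir/sshd_config"
cat "$demo_dir/sshd_config"
```

On a real server, point the functions at /home/cloudsigma/.ssh/authorized_keys and /etc/ssh/sshd_config, then check the result with `sshd -t` and restart sshd so the change takes effect.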

Finally, if you want the script to run as root when the system boots up, add it to the rc.local file.

Have fun 🙂

Footnotes

1. You can also download the full Bash Script from here. If you run it as a file from any location other than rc.local, execute permissions will be required.

About Viktor Stankov

Technical Support Representative @ CloudSigma. He is interested in computers, new technologies and sports. Addicted to learning Linux and Scripting languages.
  • A CloudSigma Python Script to automate the conversion of a drive snapshot into a full drive - June 16, 2016
  • Automatically Inject SSH Keys into your Cloud Servers Using This Simple Bash Script - February 6, 2016