API: Adding SSH key when creating a droplet

May 29, 2015 12.1k views

When creating a droplet via the API, you can pass in an SSH key.

What is the format of the key? I am guessing it would be like this, based on return value of the List All Keys API:

{"ssh_keys":[{"id":263654,"fingerprint":"11:37:44:86:62:15:86:5f:0c:7d:41:0b:39:cb:3c:44","public_key":"ssh-rsa ZZZB3NzaC1yc2EAAAADAQABAAABAQC6vHxLRqVEN2Ze9f8ii634wP5f0Ysua+zqcedJFy8D6/biGE2b0pr0fZoB0lyypu3d6uxt8DvxNNRSgcDiZ6JUoTqPWVY252xgaykghBuNsTSFboAT+c/J9/8GQnTJx5PbiUAMeOBsQ6bU3rkhidhsxDyUzp8PyvTHZxopuCZ/QD/qTRgnpXLiV5/RiKMfg69dRLpG9nTWAfXKb4cwBQesPvfSzPemyMWorkLRbnGlDH3s81yIRNDTO9/LKMIPov715lXF4njbvazSnqjLMLNW4MTvSpUt6LFBv4gKCHgqK0V68QV4Py6BDWhpI0nyzZRlnAxKThbJ3nGDThc4d8m5x tom@tomsmacbook.local","name":"For tomsmacbook"}],"links":{},"meta":{"total":1}}

I am still a little fuzzy about SSH and so am not sure exactly what SSH key to pass in. I am guessing I want it to be the public key file (named id_rsa.pub by default) that was created at the same time as the private key my machine uses?

Thanks much.

P.S. Key contents, machine IDs, etc. were changed to protect the innocent.

  • Still not working, but I think it should probably be closer to this (TOKEN is a valid token defined in my environment):

    curl -D - -X POST -H "Content-Type: application/json" -H "Authorization: Bearer $TOKEN" -d '{"name":"git","region":"nyc3","size":"512mb","image":"ubuntu-14-04-x64","ssh_keys":[{"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN5Z0EHKo09iLXvsggp1epyjhisZ2W3MG8LBuDSW/cQQXl66kcb8Vd1tp9sEZ9EkqWNtmikl22k4QQeLSD59EvXMvwxlBWWq8V8+aro6DcJTDfCfEBWYo/LgjArCutLsbfIu272IDXyXLRD5LPu9kXHhF20woVFWPm8AsLpCsV92k7ZY/eGYrwOPVowUi19ribyl0NOtsMu6paijcat7WGHBGfY2IIkgACKj5bMaNipfVkYonZX9SVY4SWurLGXLxoU16zXz2bs4we8LiW0yRWdHI9h6YEoZAn/IJodWQtEnL0k+4ydvWKz0UXo2RlM8GPFqA/zRLQ923EpZq4sbgf tom@example.com"}],"backups":false,"ipv6":true,"user_data":null,"private_networking":null}' "https://api.digitalocean.com/v2/droplets" > droplet-git.json

    Output is:

    {"id":"bad_request","message":"Your request body was malformed."}

    This exact command but with "ssh_keys":null works perfectly, creating a droplet.

  • Latest version, still failing:

    curl -D - -X POST -H "Content-Type: application/json" \
    -H "Authorization: Bearer $TOKEN" -d '{"name":"git","region":"nyc3","size":"512mb","image":"ubuntu-14-04-x64",
    "ssh_keys":["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN5Z0EHKo09iLXvsggp1epyjhisZ2W3MG8LBuDSW/cQQXl66kcb8Vd1tp9sEZ9EkqWNtmikl22k4QQeLSD59EvXMvwxlBWWq8V8+arAbbcJTDfCfEBWYo/LgjArCutLsbfIu272IDwyXLRD5LPu9kXHhF20woVFWPm8AsLpCsV92k7ZY/eGYrwOPVowUi19ribyl0NOtsMu6paijcat7WGHBGfY2IIkgACKj5bMaNipfVkYonZX9SVY4SWurLGXLxoU16zXz2bs4we8LiW0yRWdHI9h6YEoZAn/IJodWQtEnL0k+4ydvWKz0UXo2RlM8GPFqA/zRLQ923EpZq4sbgf tom@example.com"],"backups":false,"ipv6":true,"user_data":null,"private_networking":null}' "https://api.digitalocean.com/v2/droplets" > create-results.json

    And the output is:

    {"id":"unprocessable_entity","message":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN5Z0EHKo09iLXvsggp1epyjhisZ2W3MG8LBuDSW/cQQXl66kcb8Vd1tp9sEZ9EkqWNtmikl22k4QQeLSD59EvXMvwxlBWWq8V8+aro6DcJTDfCfEBWYo/LgjArCutLsbfIu272IDwyXLRD5LPu9kXHhF20woVFWPm8AsLpCsV92k7ZY/eGYrwOPVowUi19ribyl0NOtsMu6paijcat7WGHBGfY2IIkgACKj5bMaNipfVkYonVY4SWurLGXLxoU16zXz2bs4we8LiW0yRWdHI9h6YEoZAn/IJodWQtEnL0k+4ydvWKz0UXo2RlM8GPFqA/zRLQ923EpZq4sbgf tom@example.com are invalid key identifiers for Droplet creation."}
  • I believe you want to use the fingerprint value (e.g. 11:37:44:86:62:15:86:5f:0c:7d:41:0b:39:cb:3c:44) not the actual public key.

  • So

    curl -D - -X POST -H "Content-Type: application/json" -H "Authorization: Bearer $TOKEN" -d '{"name":"git","region":"nyc3","size":"512mb","image":"ubuntu-14-04-x64","ssh_keys":["11:37:44:86:62:15:86:5f:0c:7d:41:0b:39:cb:3c:44"],"backups":false,"ipv6":true,"user_data":null,"private_networking":null}' "https://api.digitalocean.com/v2/droplets" > droplet-git.json
  • I'm trying to add the key to the root user of the droplet I am creating. In fact I'm trying to add half a dozen fingerprints to each droplet for our team.

    The goal is to avoid the onerous setup of having to log into each droplet and change the password from the one that was auto-generated.

    The answer below seems to be related to the DigitalOcean account SSH key. The keys I want to add are my group's public keys off their laptops.

    I feel confused. Which is which? Can you explain how I SSH into a droplet with my self-generated key and how I format multiple keys into the root user with the API? Not all users who SSH into our droplets will have a DigitalOcean account.

    From the V2 docs re: create new droplet:
    ssh_keys - Array - An array containing the IDs or fingerprints of the SSH keys that you wish to embed in the Droplet's root account upon creation.


3 Answers

Hi, instead of the actual key you have to send the ID of the key.

  1. generate the key (which it looks like you've already done)
  2. add your public key via https://cloud.digitalocean.com/ssh_keys or API https://developers.digitalocean.com/documentation/v2/#create-a-new-key
  3. get the ID of the added public key via API call curl -X GET -H 'Content-Type: application/json' -H "Authorization: Bearer $TOKEN" "https://api.digitalocean.com/v2/account/keys"
  4. use this ID for your droplet creation call: ...,"ssh_keys":[123456]... enjoy!

It works for me when I use the following:

curl -X POST "https://api.digitalocean.com/v2/droplets" -d'{"name":"server1.example.com","region":"nyc3","size":"512mb","image":"centos-6-5-x64","ssh_keys":["95:0d:c5:a9::xxxx:xxxx:f7:fa"]}' -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json"

$TOKEN is my API key
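
An added example, not part of either answer above: it builds the droplet-creation body for several team keys, passing numeric IDs and fingerprints through and turning any pasted public key line into its colon-separated MD5 fingerprint (the format shown in the key listing), so a raw key never reaches `ssh_keys`. The function names are hypothetical and the sample keys are constructed; each key still has to be added to the account first (step 2 of the first answer) for its fingerprint to resolve.

```python
import base64
import hashlib
import json
import re

FINGERPRINT_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){15}$")


def md5_fingerprint(public_key_line):
    """Colon-separated MD5 fingerprint of one line from an id_rsa.pub-style file."""
    fields = public_key_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64 blob> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a 4-byte length and the key type; if that does not
    # match the first field, the second field is not the blob for that type.
    type_len = int.from_bytes(blob[:4], "big")
    if blob[4:4 + type_len] != fields[0].encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def key_identifier(value):
    """Return what ssh_keys accepts: a numeric key ID or a fingerprint string."""
    if isinstance(value, int) and not isinstance(value, bool):
        return value
    if FINGERPRINT_RE.match(value):
        return value
    return md5_fingerprint(value)  # a pasted public key line becomes its fingerprint


def droplet_body(name, keys, region="nyc3", size="512mb", image="ubuntu-14-04-x64"):
    """JSON body for POST /v2/droplets that references every key in `keys`."""
    return json.dumps({"name": name, "region": region, "size": size, "image": image,
                       "ssh_keys": [key_identifier(k) for k in keys]})


def sample_line(comment):
    """Constructed test input: correct framing, arbitrary body, not a usable key."""
    blob = b"\x00\x00\x00\x07ssh-rsa" + hashlib.sha256(comment.encode()).digest()
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


if __name__ == "__main__":
    team = [263654, sample_line("alice@laptop"), sample_line("bob@laptop")]
    print(droplet_body("git", team))
```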

This works for me:

curl -X GET "https://api.digitalocean.com/v2/account/keys" -H "Authorization: Bearer $DO_API_TOKEN"