CoreOS forgets authorized_keys

November 13, 2014 5.4k views

I have one working ssh key for CoreOS, created when creating the droplet. When I add a key via the web interface, it does not work, it is not added to authorized_keys
. When I manually add a key to ~/.ssh/authorized_keys it works until a reboot, then the key is removed. How can I prevent this?

Edit: And how can I type an underscore without it making words italic?

1 Answer

On CoreOS, ~/.ssh/authorized_keys is an auto generated file by the update-ssh-keys command. In order to add a new key without it getting clobbered on reboot, you can do something like:

echo 'ssh-rsa AAAAB3Nza.......  key@host' | update-ssh-keys -a core
  • Ok, thanx, I will try that. Do you know why the keys added in the webinterface won't be added? Why is it so cumbersome to have keys added?

  • For CoreOS, SSH keys are added via the metadata service. So it essentially runs:

    curl | update-ssh-keys -A core

    to add the key on first boot. Are you certain the key isn't being added correctly via the web interface? CoreOS only allows SSH connections via keys. Are you able to log onto the server at all?

  • Your first suggestion worked, the key is retained after reboot using:

    echo 'ssh-rsa AAAAB3Nza.......  key@host' | update-ssh-keys -a core


    The first key was always retained, the one added when creating the droplet. After that I added keys using the webinterface and directly to the autorizedkeys file. The webinterface keys are never loaded into my droplet (at least I saw no sign of them) and the keys added to authorizedkeys were removed upon reboot.

  • Hi, sorry to be back again.

    It didn't work, when I use the suggested method it almost seems like CoreOS can only save 2 keys at a time. I keeps forgetting a third one I add, but not after reboot, just at random it seems. Very strange.

    I never see that third key appearing in authorized(underscore)keys yet, I can use it to log in. For some time...

Have another answer? Share your knowledge.