CoreOS forgets authorized_keys

Posted November 13, 2014 12.4k views

I have one working ssh key for CoreOS, created when creating the droplet. When I add a key via the web interface, it does not work, it is not added to authorized_keys
. When I manually add a key to ~/.ssh/authorized_keys it works until a reboot, then the key is removed. How can I prevent this?

Edit: And how can I type an underscore without it making words italic?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

On CoreOS, ~/.ssh/authorized_keys is an auto generated file by the update-ssh-keys command. In order to add a new key without it getting clobbered on reboot, you can do something like:

echo 'ssh-rsa AAAAB3Nza.......  key@host' | update-ssh-keys -a core
  • Ok, thanx, I will try that. Do you know why the keys added in the webinterface won’t be added? Why is it so cumbersome to have keys added?

  • For CoreOS, SSH keys are added via the metadata service. So it essentially runs:

    curl | update-ssh-keys -A core

    to add the key on first boot. Are you certain the key isn’t being added correctly via the web interface? CoreOS only allows SSH connections via keys. Are you able to log onto the server at all?

  • Your first suggestion worked, the key is retained after reboot using:

    echo 'ssh-rsa AAAAB3Nza.......  key@host' | update-ssh-keys -a core


    The first key was always retained, the one added when creating the droplet. After that I added keys using the webinterface and directly to the autorizedkeys file. The webinterface keys are never loaded into my droplet (at least I saw no sign of them) and the keys added to authorizedkeys were removed upon reboot.

  • Hi, sorry to be back again.

    It didn’t work, when I use the suggested method it almost seems like CoreOS can only save 2 keys at a time. I keeps forgetting a third one I add, but not after reboot, just at random it seems. Very strange.

    I never see that third key appearing in authorized(underscore)keys yet, I can use it to log in. For some time…

    • Since I just recently had a similar problem, I wanted to ask you how exactly you added your keys?

      I believe that by using echo 'ssh-rsa <key> <description>' | update-ssh-keys -a <name> with ‘core’ as name you always overwrite the key you already stored as 'core’ try using something else, I guess that should solve your problem. (If you still have the problem arising)

      At least that is what I concluded after a view trials and errors.

  • Is there a way to do this in recovery mode? I couldn’t figure out how to run update-ssh-keys while booted to the Recovery ISO.

  • @asb thanks for this, how would we remove a key that we added to update-ssh-keys ?

    • That can be done using the same command. For example:

      $ update-ssh-keys -d asb@chromebook
      Removing asb@chromebook:
      Updated "/home/core/.ssh/authorized_keys

      If you don’t know the name of the key, you can list all the ones that have been configured using update-ssh-keys -l