How to install several ssh keys when creating droplet through api

Posted January 31, 2018 3.5k views
APIUbuntu 16.04

I’m setting up droplets via the API. in the create call I’m both adding an ssh key that’s already installed on DigitalOcean for logging into the droplet, and another third party ssh key to use for external communication.
The second one is added via the user data cloud init script.

When I use the call with only the login key it works. But when I add the init script the login key doesn’t work.
This means I can’t log into the droplet to debug. Any ideas what is going on?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
4 answers

Turns out the key was malformed. It lacked proper line endings. Very confusing debugging.

Can you share an example of how you are calling the API and the cloud config script used? It would help narrow down the issue. At the surface, what you’re trying to should be supported.

You have a few options for adding multiple SSH keys to a Droplet:

The API allows for adding more than one SSH key when creating a Droplet. The ssh_keys field and take an array of SSH key IDs. For example, the body of your request might look like:

    "ssh_keys":[123456, 654321]

You can also add SSH keys to new Droplets via user data. For example:

  - name: root
      - ssh-rsa AAAAB3NzaC1yc2EAAAADA....

If you specify the root user, these keys will be merged with the keys specified via the API into the ~/.ssh/authorized_keys file.

If you are still having issues and want to do further debugging, you can reset the root password for your Droplet via the “Access” tab for the Droplet in the control panel in order to gain access.

by Justin Ellingwood
A cloud-config file is a special script that is used to define configuration details for your server as it is being brought online for the first time. These are often used for completing common tasks that a user would normally have to log into the server to accomplish. In this guide, we will run through how to do some initial configuration of an Ubuntu 14.04 server using a cloud-config file with our metadata service.

Yeah that’s no help at all. Like I said, I’m adding one key for access, and one key to communicate with a third party. Both your options are only for access.

This is my config:

  name: 'NAME',
  region: 'lon1',
  size: 's-1vcpu-1gb',
  image: 'ubuntu-16-04-x64',
  backups: false,
  ipv6: true,
  user_data: '#cloud-config
        rsa_private: |
          -----BEGIN RSA PRIVATE KEY-----
          -----END RSA PRIVATE KEY-----

        rsa_public: ssh-rsa AAAAB3NzaC1y
  ssh_keys: [ 18XXX16 ],
  private_networking: null,
  volumes: null,
  tags: [ 'dev' ] 

I naturally removed the keys themselves.

Now what I’m trying to do is:
Create a droplet that I can reach via the SSH key supplied in “sshkeys” and give that droplet access to my github account via the “userdata ssh_keys”.

The following also only installs the FIRST key provided:

{ name: 'NAME',
  region: 'lon1',
  size: 's-1vcpu-1gb',
  image: 'ubuntu-16-04-x64',
  backups: false,
  ipv6: true,
  ssh_keys: [ 18005919 ],
  private_networking: null,
  volumes: null,
  tags: [ 'dev' ],
  user_data: '#cloud-config
        - ssh-rsa AAAAB3xx9aR 
        - ssh-rsa AAAAB3NzaCC+KgGV 
   ' }

So there’s something wrong with the documentation of how cloud config works.
In this case the first SSH-KEY provided is added to authorized_keys and I can log in. But the second key simply disappears. I’ve yet to find any debugging information.

  • Sure seems that way to me. I’ve tried space separated, quote-enclosed, and comma-separated, but always see the error:

    Error: POST 422 (request "...") Only valid hostname characters are allowed. (a-z, A-Z, 0-9, . and -)