cloud-init and disable_root

Jon morby

New Member
Mar 1, 2018
22
0
1
48
I have been playing with cloud-init support in PVE and am loving it ... however, one of the things I want to disable on certain VMS (for good or for bad, please don't lecture on security) is to enable the root user to be able to ssh into the VMs (at least while we're building them and scp'ing large amounts of data between nodes with relayed ssh-agent credentials)

I've googled and searched and beyond changing the line in /etc/cloud/cloud.cfg to disable_root: false ... I can't see what else needs to be done to make the config change take hold

I've tried re-adding the ssh keys using qm set <vmid> but that still adds the "no login" bit

I've tried editing /etc/cloud/cloud.cfg on the pve but that didn't help

Do I need to do something specific on the host node, or inside the VM? Ideally I'd like to be able to do this during creation, but am happy to do it retrospectively ... Currently I'm using OpenStack images so doing it during creation would mean (I'm guessing) editing the OS image directly and changing the cloud.cfg file inside the image - but would that work anyway? Is this setting controlled somewhere else that I simply haven't identified as yet?

Any pointers would be gratefully received
 

Jon morby

New Member
Mar 1, 2018
22
0
1
48
I take it no-one knows how to do this, or isn't prepared to share the secret?

In my searching of the web I did find this article

https://stackoverflow.com/questions/23065673/how-to-re-run-cloud-init-without-reboot

Which seems to explain the ease with which it can actually be accomplished


The commands have been updated so to re-run you need to clean out the existing config:

sudo cloud-init clean

Then re-run it using the init directive:

sudo cloud-init init

Beware: things like ssh host keys maybe regenerated.​

So whilst answering my own question, it is at least stored for future reference in case anyone else tries to use cloud-init and has a similar problem
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!