[SOLVED] Cloud-init replaces/overwrites "PasswordAuthentication"

Razva · Aug 21, 2019

Hello,

It seems that Proxmox's cloud-init replaces any "PasswordAuthentication" settings previously made by the user and/or by the initial OS image.

Example: we're using CentOS7's default Cloud image, which has "PasswordAuthentication yes" set by default. When inspecting the image with guestfish the /etc/ssh/sshd_config file clearly states "PasswordAuthentication yes". When running a VM on Proxmox (via cloud-init) the file is altered with "PasswordAuthentication no".

We even tried to make a custom sshd_config, it gets overwritten.

Please advise.

Thanks,
Razva

Alwin · Aug 23, 2019

Razva said:
It seems that Proxmox's cloud-init replaces any "PasswordAuthentication" settings previously made by the user and/or by the initial OS image.

AFAICT, the could-init settings you can set do only disable root login and set add ssh keys. No config change.

Razva said:
We even tried to make a custom sshd_config, it gets overwritten.

You may check the cloud-init config on the guest, there maybe some settings that are done additionally.

EDIT: https://serverfault.com/questions/412113/aws-how-to-stop-cloud-init-from-disabling-root-login

Razva · Aug 23, 2019

Alwin said:
AFAICT, the could-init settings you can set do only disable root login and set add ssh keys. No config change.

You may check the cloud-init config on the guest, there maybe some settings that are done additionally.

EDIT: https://serverfault.com/questions/412113/aws-how-to-stop-cloud-init-from-disabling-root-login

There's no cloud.cfg on Proxmox. Should we generate it manually? If yes, what path should we use?

Alwin · Aug 23, 2019

Razva said:
There's no cloud.cfg on Proxmox. Should we generate it manually? If yes, what path should we use?

This config is on the guest, not on the host.

Razva · Aug 23, 2019

As @Alwin mentioned, the solution is trivial.

1. Open the .qcow2 image with the editor of your choice. I'm using guestfish as it's the most easy to use.
2. Edit /etc/cloud/cloud.cfg in the after mentioned .qcow2 guest image, and set the following options:

Code:

disable_root: 0
ssh_pwauth:   1

3. Use the resulting image into generating a Proxmox Template. You can use my Promox Template Generator script.
4. Clone that Template into a new VM and set the appropriate Cloud-init values. The resulting VM will allow you to connect to SSH via user/pass.

nadermx · Jun 1, 2023

Can we do this through a hookscript instead?

Search

Search

[SOLVED] Cloud-init replaces/overwrites "PasswordAuthentication"

Razva

Renowned Member

Alwin

Proxmox Retired Staff

Razva

Renowned Member

Alwin

Proxmox Retired Staff

Razva

Renowned Member

nadermx

New Member

We value your privacy