cloudinit image not working via ssh

jhmc93

Member
Feb 22, 2022
181
1
23
31
hello I keep getting this error when trying to ssh into my cloned cloud-init image: "Permission denied (publickey)."
is there a way to solve it? thanks
 
There is almost always a way to solve a problem, except death and taxes.

That said, you need to provide much more information. Off the top of my head:
- version of pve
- how was VM created?
-- manually?
-- from cloud image? which one?
- what type of cloudinit used if any?
- did you program the VM with ssh key? how did you do it?
- how are you logging in ? what username are you using?
- what are your expectations? should ssh key be working? do you expect password authentication?
- what does "cloned" mean?
- have you examined any logs? did you do any troubleshooting?

I suspect you are probably realizing that the error message you provided is extremely generic.


Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
 
Last edited:
This isn't a PVE problem, it is regular SSH stuff. The error "Permission denied (publickey)" coupled with no password prompt generally means that the machine you are logging in to was set up with key authentication only, password authentications being disabled.

The error means that one of several things could be wrong. Maybe you are not using the proper key file when logging in (-i parameter to ssh if not the default), aren't logging in as the right user, or haven't set up the VM with a proper ~/.ssh/authorized_keys file for the user you are logging in as.

Giving the -vv parameter to your ssh client will print some debug info (more v's mean more detailed info). That might help you figure it out. You should also be able to log in on the VNC console of the VM to see the error logs on that side.
 
There is almost always a way to solve a problem, except death and taxes.

That said, you need to provide much more information. Off the top of my head:
- version of pve
- how was VM created?
-- manually?
-- from cloud image? which one?
- what type of cloudinit used if any?
- did you program the VM with ssh key? how did you do it?
- how are you logging in ? what username are you using?
- what are your expectations? should ssh key be working? do you expect password authentication?
- what does "cloned" mean?
- have you examined any logs? did you do any troubleshooting?

I suspect you are probably realizing that the error message you provided is extremely generic.


Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
Followed this video: https://youtu.be/Kv6-_--y5CM?si=gZckCUC9dWsF091E

Using Debian linux terminal and visual studio code
 
There is almost always a way to solve a problem, except death and taxes.

That said, you need to provide much more information. Off the top of my head:
- version of pve
- how was VM created?
-- manually?
-- from cloud image? which one?
- what type of cloudinit used if any?
- did you program the VM with ssh key? how did you do it?
- how are you logging in ? what username are you using?
- what are your expectations? should ssh key be working? do you expect password authentication?
- what does "cloned" mean?
- have you examined any logs? did you do any troubleshooting?

I suspect you are probably realizing that the error message you provided is extremely generic.


Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox




- version of pve: latest
- how was VM created?: I setup a ubuntu cloud template and I cloned it from the template
-- from cloud image? which one?: latest ubuntu cloud image
- what type of cloudinit used if any?: Idk
- did you program the VM with ssh key? how did you do it?: I didn't insert an ssh key.
- how are you logging in ? what username are you using?: my own username I setup via ubuntu cloud.
- what are your expectations? should ssh key be working? do you expect password authentication?: I get password authentication but it comes with that error
- what does "cloned" mean?: I converted my ubuntu cloud image into a template. Then cloned it Back into a VM
- have you examined any logs? did you do any troubleshooting? : NO
 
Hi @jhmc93 . I did not have the time to watch the video. I presume that if someone took time to record 20min video with 30K views, then the procedure worked for them.
We use cloud images multiple times a day, including just now with only username/password (no ssh) and it worked fine for us.
In short, the issue you have is very likely not PVE related.

- how was VM created?: I setup a ubuntu cloud template and I cloned it from the template
There are a few different ways to "setup an ubuntu cloud template", some are not correct.
-- from cloud image? which one?: latest ubuntu cloud image
A specific link would help to confirm that you grabbed the right image.
- what type of cloudinit used if any?: Idk
There is a built in one (native PVE) and custom one. Given that you didnt know, I am going to presume it was built-in.
- how are you logging in ? what username are you using?: my own username I setup via ubuntu cloud.
An output of "qm config [vmid]" could be helpful to clarify what you did.



Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
 
Hi @jhmc93 . I did not have the time to watch the video. I presume that if someone took time to record 20min video with 30K views, then the procedure worked for them.
We use cloud images multiple times a day, including just now with only username/password (no ssh) and it worked fine for us.
In short, the issue you have is very likely not PVE related.


There are a few different ways to "setup an ubuntu cloud template", some are not correct.

A specific link would help to confirm that you grabbed the right image.

There is a built in one (native PVE) and custom one. Given that you didnt know, I am going to presume it was built-in.

An output of "qm config [vmid]" could be helpful to clarify what you did.



Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
https://cloud-images.ubuntu.com/noble/


qm config:
balloon: 0
boot: c
bootdisk: scsi0
cipassword: $5$Piocg9oM$HjlXK8YhKknyNO0gCSkzez1fjCC.6y0Bq/V3ca4gxm3
ciuser: jhmc93
cores: 2
cpu: host
ide2: isos-and-vms:5000/vm-5000-cloudinit.qcow2,media=cdrom
ipconfig0: ip=dhcp
memory: 4096
meta: creation-qemu=8.1.5,ctime=1718820046
name: ubuntu-cloud
nameserver: 92.68.25.1
net0: virtio=BC:24:11:AB:49:8B,bridge=vmbr0
numa: 0
scsi0: isos-and-vms:5000/base-5000-disk-0.raw,size=36352M
scsihw: virtio-scsi-pci
serial0: socket
smbios1: uuid=c0919ba2-51e9-4857-9883-3550377fb462
sockets: 1
template: 1
vga: serial0
vmgenid: a684f1e6-efcb-460a-818f-edc46ea9bfb2
 
Great! I was hoping that eventually we'd be able to gather enough information to get to the bottom of it.

I think this answers your question:

Code:
root@Copy-of-VM-vm9001:/home/blockbridge# sshd -T|grep -i pass
permitrootlogin without-password
kerberosorlocalpasswd yes
passwordauthentication no
permitemptypasswords no

root@Copy-of-VM-vm9001:/home/blockbridge# cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo

Good luck


Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
 
Great! I was hoping that eventually we'd be able to gather enough information to get to the bottom of it.

I think this answers your question:

Code:
root@Copy-of-VM-vm9001:/home/blockbridge# sshd -T|grep -i pass
permitrootlogin without-password
kerberosorlocalpasswd yes
passwordauthentication no
permitemptypasswords no

root@Copy-of-VM-vm9001:/home/blockbridge# cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo

Good luck


Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
I'm still having the same problem.
when I run the first command u sent "sshd -T|grep -i pass" I get the outcome: sshd: no hostkeys available -- exiting.
 
I'm still having the same problem.
when I run the first command u sent "sshd -T|grep -i pass" I get the outcome: sshd: no hostkeys available -- exiting.
Hi @jhmc93 ,
My apologies, I should have been more clear. The output I provided was not a fix. It was a demonstration that in Ubuntu 24 cloud image the password authentication is disabled by default. This means that you must use the SSH key if you are using limited options of the Proxmox CloudInit native interface.

If you insist on being able to log in with a password, you must convert to using Custom CloudInit.
In particular, you want to carefully study this section https://cloudinit.readthedocs.io/en/latest/reference/modules.html#set-passwords


Please note, this thread has moved out of the scope of "Proxmox VE: Installation and Configuration". Your challenge is a generic system administration activity.

Best of luck in your pursuit.


Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
 
Hi @jhmc93 ,
My apologies, I should have been more clear. The output I provided was not a fix. It was a demonstration that in Ubuntu 24 cloud image the password authentication is disabled by default. This means that you must use the SSH key if you are using limited options of the Proxmox CloudInit native interface.

If you insist on being able to log in with a password, you must convert to using Custom CloudInit.
In particular, you want to carefully study this section https://cloudinit.readthedocs.io/en/latest/reference/modules.html#set-passwords


Please note, this thread has moved out of the scope of "Proxmox VE: Installation and Configuration". Your challenge is a generic system administration activity.

Best of luck in your pursuit.


Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
is it hard to put in custom cloudinit? is it not as simple as enter username and password in the cloudinit settings? and enable passwordauthentication in ssh config?
 
is it hard to put in custom cloudinit? is it not as simple as enter username and password in the cloudinit settings? and enable passwordauthentication in ssh config?
It will be much easier for you to generate an ssh key pair and add the public part via PVE GUI


Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
 
Last edited:
I faced the same issue when I tried to use latest images of ubuntu "noble-server-cloudimg-amd64.img" from https://cloud-images.ubuntu.com/.

What I done is , I uninstall the open-ssh server package which come along with the image and reinstall by myself and it is work!!

Let me know is there any other ways you guys solve this issue. Thanks.
 
Hi @yanminaung , welcome to the forum
I uninstall the open-ssh server package which come along with the image and reinstall by myself
Doesn't this ^ imply that you were able to login to the system and so you could have as easily changed this option
passwordauthentication no in /etc/ssh/sshd_config ?

As always, there are many ways to achieve one's goal in Linux.


Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
 
Hi @bbgeek17

Yes, once I found this error, I changed password authentication no and it is no ok.

I already tried and changed the ssh config so many times with different kind of options, unfortunately it doesn't work. That's why I chose the way of reinstallation.
 
I already tried and changed the ssh config so many times with different kind of options, unfortunately it doesn't work. That's why I chose the way of reinstallation.
Interesting. Works for me:
Code:
 /usr/bin/ssh -o PreferredAuthentications=password  -o PubkeyAuthentication=no -F /dev/null -o IdentitiesOnly=yes testuser@172.16.202.172
testuser@172.16.202.172: Permission denied (publickey).

Code:
root@pve-1:~# ssh blockbridge@172.16.202.172
Last login: Thu Aug 22 00:54:54 2024 from 172.16.202.201
blockbridge@Copy-of-VM-Ubuntu22:~$

Code:
blockbridge@Copy-of-VM-Ubuntu22:~$ sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication  yes/' /etc/ssh/sshd_config.d/60-cloudimg-settings.conf
blockbridge@Copy-of-VM-Ubuntu22:~$ sudo systemctl restart sshd
blockbridge@Copy-of-VM-Ubuntu22:~$
logout
Connection to 172.16.202.172 closed.
root@pve-1:~# /usr/bin/ssh -o PreferredAuthentications=password  -o PubkeyAuthentication=no -F /dev/null -o IdentitiesOnly=yes testuser@172.16.202.172
testuser@172.16.202.172's password:
Welcome to Ubuntu 22.04.4 LTS (GNU/Linux 5.15.0-1054-kvm x86_64)

Last login: Thu Aug 22 00:54:48 2024 from 172.16.202.201
Could not chdir to home directory /home/testuser: No such file or directory
$


Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
 
Hello @bbgeek17 ,

Awesome!!!. I got the root cause. I am doing the config changes in /etc/ssh/sshd_config, not in the /etc/ssh/sshd_config.d/60-cloudimg-settings.conf since I don't know about that.

Now I just follow the way you done step by step and it is resolve now. Thank you so much for your contribution @bbgeek17 .
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!