未添加来自元数据的Google Cloud Compute实例SSH密钥 [英] Google Cloud Compute instance SSH key from metadata not added

问题描述

一段时间以来，我一直在成功地将SSH密钥添加到新产生的实例中，但是突然之间，它只是行不通了.他们的密钥不会添加到目标帐户(如果该帐户不存在，则不会创建该帐户).对于我的一个项目，它仍然可以正常工作，但在另一个项目中却没有，后者包含了第一个项目的改编版本.两种代码执行的步骤如下:

I have been successfully adding SSH keys to newly spawned instances for a while, but all of a sudden it just won't work. They key isn't added to the target account (and the account isn't created if it doesn't exist). It still works fine for one of my projects, but it doesn't on the other which contains an adapted version of the code from the first. The steps both codes go through are as follows:

1. 从快照创建磁盘.
2. 生成RSA密钥对.
3. 将元数据中的ssh-keys属性设置为上一步中以Google Cloud(<username>:ssh-rsa <key> <username>)理解的格式生成的公钥.
4. 使用第一步中创建的磁盘和第三步中创建的元数据创建实例.

1. Create a disk from a snapshot.
2. Generate an RSA key pair.
3. Set the ssh-keys property in the metadata to the public key generated in the previous step in the format understood by Google Cloud (<username>:ssh-rsa <key> <username>).
4. Create the instance with the disk created in the first step and the metadata created in the third.

当我在Google Cloud Console上签出实例数据时，它在"SSH密钥"部分中为正确的用户分配了正确的密钥.但是，当我通过SSH进入实例时，该密钥尚未添加到该用户的authorized_keys文件中.为了以防万一，我尝试在没有该用户的情况下重新创建快照，以便可以动态创建该用户(应该可以正常工作)，但在这种情况下，不会创建该用户.

When I check out the instance data on the Google Cloud Console, it has the correct key assigned to the correct user in the SSH Keys section. However, when I SSH into the instance, the key hasn't been added to the authorized_keys file for that user. Just in case, I tried recreating the snapshot without that user so that the user can be created on the fly (which should work), but in that case the user isn't created.

最后，Google Cloud的作用就好像SSH密钥不在元数据中，而是在元数据中一样.我遇到了此答案，但似乎无法理解这一部分:

In the end, Google Cloud just acts as if the SSH key isn't in the metadata, yet it is. I came accross this answer but can't seem to understand this part:

直接导致的结果是，仅当您未指定自己的密钥(在实例创建或以后创建)时，GCE平台才负责在实例中放置/删除ssh密钥(...).如果这样做，GCE平台将把ssh密钥管理视为手动操作，并且不会与元数据存储保持同步.

As a direct consequence of that, the GCE platform takes care of placing/removing your ssh keys in the instance (...) ONLY when you do not specify your own keys (at instance creation or later). If you do, the GCE platform will consider the ssh key management as manual, and nothing will be kept in sync with the metadata store.

我看不到正在执行的任何操作可能会将其触发为手动模式，但是显然某个地方存在问题.

I don't see anything I'm doing that could be triggering it into manual mode, yet there obviously is an issue somewhere.

我只是尝试从较早的快照运行相同的过程，所以它可以完美地工作.我将进行进一步调查，看看是什么原因造成的.

I just tried running the same process from an older snapshot and it worked flawlessly. I'll investigate further to see what causes this.

推荐答案

您需要具有最新版本的

You need to have the latest version of the Guest Tools. Here is an example to install the latest version on Ubuntu:

$ sudo apt-add-repository universe

$ sudo apt install -y python-google-compute-engine python3-google-compute-engine google-compute-engine-oslogin gce-compute-image-packages

您可以在此处阅读更多详细信息和其他操作系统

You can read here more details and other OS.

这篇关于未添加来自元数据的Google Cloud Compute实例SSH密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！