Can't ssh to vm instance created from cirros-0.5.2 image using key
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
Medium
|
Mikolaj Ciecierski |
Bug Description
Description
===========
It is not possible to ssh to an instance created from cirros-0.5.2 (http://
To workaround you can run update-
I spawned also an instance using a newer cirros image, cirros-0.6.0 (http://
Steps to reproduce
==================
1.Deploy tripleo environment from master branch
2.Upload key to the Compute service
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
3.Spawn instance using command:
openstack server create \
--image ${IMAGE_NAME} \
--flavor ${FLAVOR_NAME} \
--key-name mykey \
--nic net-id=
4. Attach floating ip to instance
openstack server add floating ip ${INSTANCE_NAME} ${INSTANCE_FIP}
5.Try to ssh to instance using key from undercloud:
ssh ~/.ssh/<uploaded key> cirros@
Expected result
===============
Being able to ssh to the instance using key
Actual result
=============
Only password based authentication works for cirros-0.5.2 image
For cirros-0.6.0 both key and password works for ssh.
Hmm, I don't think this is a tripleo bug. I'd say the old cirros image is just using legacy ssh-rsa crypto algorithms that have been deprecated for some time. CentOS9 Stream won't support them by default, hence the requirement to re-enable them before being able to access the VM.
I don't think we want to use the legacy crypto-policies by default on our undercloud node.