Notice that the ubuntu user in the ubuntu 14.04 instance contains no keys from cloud-init (the keys there are added by the google daemon):
$ sudo cat /home/ubuntu/.ssh/authorized_keys
# Added by Google
ssh-rsa <the second example key but added by google daemon> <email address hidden>
In 16.04,
$ sudo cat /home/ubuntu/.ssh/authorized_keys
ssh-rsa <the third example key added by cloud-init> <email address hidden>
ssh-rsa <the second example key added by cloud-init> <email address hidden>
# Added by Google
ssh-rsa <the second example key added by the google daemon> <email address hidden>
[EXPECTED BEHAVIOR]
The ubuntu and cloudinit keys in metadata should be added to the ubuntu user by cloud-init.
Per documentation at https:/ /wiki.ubuntu. com/GoogleCompu teEngineSSHKeys ssh keys for cloudinit and ubuntu users should both be added to the 'ubuntu' users authorized_keys file.
This works fine in Xenial (16.04) and higher, but doesn't work for Trusty (14.04).
[REPRODUCE]
# create a file that contains ssh public keys
$ cat googlekeys
test:ssh-rsa <one example key> <email address hidden>
ubuntu:ssh-rsa <a second example key> <email address hidden>
cloudinit:ssh-rsa <a third example key> <email address hidden>
# create an ubuntu 14.04 instance
gcloud compute instances create ubuntu1404cloudinit --image-family ubuntu-1404-lts --image-project ubuntu-os-cloud --metadata- from-file= ssh-keys= googlekeys --metadata= block-project- ssh-keys= True
# create an ubuntu 16.04 instance
gcloud compute instances create ubuntu1604cloudinit --image-family ubuntu-1604-lts --image-project ubuntu-os-cloud --metadata- from-file= ssh-keys= googlekeys --metadata= block-project- ssh-keys= True
Notice that the ubuntu user in the ubuntu 14.04 instance contains no keys from cloud-init (the keys there are added by the google daemon):
$ sudo cat /home/ubuntu/ .ssh/authorized _keys
# Added by Google
ssh-rsa <the second example key but added by google daemon> <email address hidden>
In 16.04,
$ sudo cat /home/ubuntu/ .ssh/authorized _keys
ssh-rsa <the third example key added by cloud-init> <email address hidden>
ssh-rsa <the second example key added by cloud-init> <email address hidden>
# Added by Google
ssh-rsa <the second example key added by the google daemon> <email address hidden>
[EXPECTED BEHAVIOR]
The ubuntu and cloudinit keys in metadata should be added to the ubuntu user by cloud-init.