Authorized_keys file keeps getting deleted automatically


Gaurav Vij

Dec 25, 2019, 5:19:57 PM
to gce-discussion
I have this strange ongoing issue on my VM: the authorized_keys file in my ssh folder keeps getting deleted automatically every time I log in over SSH from the GCP console.

I save keys in that file and it gets deleted automatically. 

I am very pissed off right now because my connection with other machines gets broken repeatedly because of this. I need a solution quickly.


Gautham (Google Cloud Support)

Dec 25, 2019, 8:14:06 PM
to gce-discussion
Hi,

The behavior you are seeing on the instance is due to the Google daemons, which are responsible for managing user accounts and SSH public keys using the metadata server. Because of these daemons, user accounts and SSH keys are synced between the metadata server and the VM instance. As such, the recommended method to manage SSH keys is by using the metadata server. You can use instance metadata to add SSH keys which will only be applied to that instance and will not be propagated to all the instances in the project. The process is documented on this link.

In case you wish to manually manage the SSH keys, you need to disable these daemons. This practice is not recommended, as this might break other functionalities of the GCE instance. For more information on these Google daemons you can refer to this link.

Gaurav Vij

Dec 26, 2019, 9:34:33 AM
to gce-discussion
The issue is that I want to programmatically add the keys through a script on my machine, not do it manually through the metadata section in the console. Kindly provide me a solution with which I can add public keys to my machine using a script so that they don't get deleted automatically by the Google daemons.

Alexandre Duval-Cid

Dec 26, 2019, 1:35:01 PM
to gce-discussion
Hey,

SSH keys on GCP are managed through metadata, either instance based or project wide. If you wish to do this a different way you can disable the Google accounts daemon and the Linux guest environment. I must warn you that the extent of the consequences of doing so could be extensive.

As long as the daemon is active it will maintain the integrity of the files it manages to conform with the GCP metadata.

Here is a link on how to do it [1].
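
A scripted version of the metadata route described in the replies above, as an added example that is not part of the original thread. `gcloud compute instances add-metadata` replaces the whole `ssh-keys` value, so the script merges the new key into a saved copy of the current value before writing it back; the function names, the file arguments and the key-type allow-list are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: add one public key to an instance's ssh-keys metadata
# without dropping the entries that are already there.
# Usage: add-key.sh CURRENT_KEYS_FILE USER PUBKEY_FILE INSTANCE ZONE
# CURRENT_KEYS_FILE holds the instance's present ssh-keys value, one
# "USER:KEY" entry per line (save it from the instance metadata first).

# Print the merged ssh-keys value. Returns 1 when USER or the key file
# would produce a malformed entry, so bad input never reaches metadata.
merge_ssh_keys() {
  local current_file=$1 user=$2 pubkey_file=$3 key
  # The entry separator is ':', so the user name must not contain it.
  case $user in ''|*[[:space:]:]*) return 1 ;; esac
  [ -r "$pubkey_file" ] || return 1
  # Exactly one non-blank line: rejects multi-line private key files.
  [ "$(grep -c '[^[:space:]]' "$pubkey_file")" -eq 1 ] || return 1
  key=$(grep '[^[:space:]]' "$pubkey_file")
  # Allow-list of public key types (assumption: adjust to local policy).
  case $key in
    ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-nistp*\ *) ;;
    *) return 1 ;;
  esac
  [ -f "$current_file" ] || current_file=/dev/null
  # Existing entries keep their order; blanks and duplicates are dropped,
  # so running the script twice does not grow the list.
  printf '%s:%s\n' "$user" "$key" | awk 'NF && !seen[$0]++' "$current_file" -
}

# Write the merged list back as the instance-level ssh-keys value.
push_ssh_keys() {
  local instance=$1 zone=$2 merged_file=$3
  gcloud compute instances add-metadata "$instance" --zone "$zone" \
    --metadata-from-file ssh-keys="$merged_file"
}

if [ "$#" -eq 5 ]; then
  merged=$(mktemp)
  merge_ssh_keys "$1" "$2" "$3" > "$merged" && push_ssh_keys "$4" "$5" "$merged"
fi
```

Because the key lives in metadata, the guest daemons write it into `authorized_keys` themselves instead of removing it on the next sync.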
