To configure an SSH key for a local user, you can use a Fedora CoreOS Config:
variant: fcos version: 1.1.0 passwd: users: - name: core ssh_authorized_keys: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDC5QFS...
sshd uses a helper program to read public keys from files in a user’s
~/.ssh/authorized_keys.d directory. Key files are read in alphabetical order, ignoring dotfiles. The standard
~/.ssh/authorized_keys file is read afterward, in the usual way. To debug the reading of
~/.ssh/authorized_keys.d, manually run the helper program and inspect its output:
Ignition writes configured SSH keys to
~/.ssh/authorized_keys.d/ignition. On platforms where SSH keys can be configured at the platform level, such as AWS, Afterburn writes those keys to
Fedora CoreOS ships with no default passwords. You can use a Fedora CoreOS Config to set a password for a local user:
variant: fcos version: 1.1.0 passwd: users: - name: core password_hash: "$y$j9T$A0Y3wwVOKP69S.1K/zYGN.$S596l11UGH3XjN..."
To generate a secure password hash, use the
$ mkpasswd --method=yescrypt Password: $y$j9T$A0Y3wwVOKP69S.1K/zYGN.$S596l11UGH3XjN...
yescrypt hashing method is recommended for new passwords. For more details on hashing methods, see
man 5 crypt.
The configured password will be accepted for local authentication at the console. By default, Fedora CoreOS does not allow password authentication via SSH.
To enable password authentication via SSH, use the following Fedora CoreOS Config:
variant: fcos version: 1.1.0 storage: files: - path: /etc/ssh/sshd_config.d/20-enable-passwords.conf mode: 0644 contents: inline: | # Fedora CoreOS disables SSH password login by default. # Enable it. # This file must sort before 40-disable-passwords.conf. PasswordAuthentication yes