How Do I Add an SSH Key to CoreOS?

I previously published a way to add an SSH Key to a CoreOS Droplet. It is quite complicated. However, I neglected to realize that after CoreOS is up and running, I can just add entries in ~/.ssh/authorized_keys. Doh.

1. ssh core@your_coreos_machine  
2. scp you@your_ssh_client cat ~/.ssh/id_rsa.pub >> .ssh/authorized_keys  

All done. Well, almost. This is a temporary measure. The authorized_keys file is overwritten by the contents of the ssh_keys section of cloud-config.yaml, which has been squirreled away during the install. It cannot be changed.

However, it is possible to use a "config drive" to add authorized_keys to CoreOS. The clues are posted here:

https://coreos.com/os/docs/latest/cloud-config.html

and here:

https://coreos.com/os/docs/1423.0.0/config-drive.html

Here's a useful script to generate the .iso file:

#!/bin/bash

(
echo "#cloud-config"  
echo "ssh_authorized_keys:"  
echo "  - $(cat ~/.ssh/id_rsa.pub)"  
echo "  - $(cat small_id_rsa.pub)"  
echo "  - $(cat localhost_id_rsa.pub)"  
) > user_data

mkdir -p /tmp/new-drive/openstack/latest  
cp user_data /tmp/new-drive/openstack/latest/user_data  
#mkisofs -R -V config-2 -o configdrive.iso /tmp/new-drive
hdiutil makehybrid -iso -joliet -default-volume-name config-2 -o configdrive.iso /tmp/new-drive  
rm -r /tmp/new-drive  

Note: To add an SSH Key you must:
1. remove .ssh/authorized_keys.d/coreos-cloudinit
2. stop the VM
3. make a new configdrive.iso with the new keys in it
4. start the VM