Scott Moser smoser at
Fri Dec 17 05:36:34 EST 2010

On Thu, 16 Dec 2010, Alex Bligh wrote:

> --On 16 December 2010 08:07:03 -0600 Dustin Kirkland <kirkland at>
> wrote:
> > If that's a blocker to getting this tool upstream into openssh, I'll
> > gladly add a -u option.
> To be clear, I have no commit rights and am a mere user, so am not
> in a position to say it's a blocker. I'm just saying the more widely
> useful it is, the better, and we'd need that for it to be useful.
> Out of interest, in Scott's cloud-init stuff, I am pretty sure you
> populate the ssh key for the ubuntu user whereas the script in
> cloudinit runs as root. Does that mean you currently do:
>    su ubuntu ssh-import-id keyfile
> or similar.

Well, cloud-init has built in code that takes a authorized key from a
metadata service and install that into a configured user's directory.
(On ec2 it comes from http://

If you have additional keys that you need inserted, or you'd rather just
not deal with launching instances with '--key <mykeyname>', then you can
use "user-data" in ec2 to run a script that would include something like:

sudo -Hu ubuntu ssh-import-id smoser

I personally don't use the user data for this that much, but I do quite
often use ssh-import-id to pull in another developers keys to an existing
instance to show them something (ie failure/bug or just to share the
resource with them).

I agree that the following is possibly simpler:
ssh-import-id -u ubuntu smoser

But I really don't think terribly so.  Also, I had a merge request that
will dump the keys to a file or stdout also, rather than writing them to


More information about the openssh-unix-dev mailing list