Ssh into lxc vm fails - Permission denied (publickey)

Hi All,
As shown below, I do have a lxc vm named v2, standard ubuntu 22.04 based with ip address assigned.
When I try to ssh into it from host-machine it fails saying Permission denied (publickey). Any suggestion would be of great help

$ lxc list
|   NAME    |  STATE  |        IPV4         |                     IPV6                      |      TYPE       | SNAPSHOTS |
| ml01-vm   | RUNNING |                     |                                               | VIRTUAL-MACHINE | 0         |
| v2        | RUNNING | (eth0) | fd42:4aec:b51c:d679:216:3eff:fe23:ca5d (eth0) | VIRTUAL-MACHINE | 0         |

ip@op1:~$ ping
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=0.683 ms
64 bytes from icmp_seq=2 ttl=64 time=0.310 ms
64 bytes from icmp_seq=3 ttl=64 time=0.306 ms
--- ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2051ms
rtt min/avg/max/mdev = 0.306/0.433/0.683/0.176 ms

ip@op1:~$ ssh ubuntu@
ubuntu@ Permission denied (publickey).

ip@op1:~$ lxc exec v2 -- sudo --user ubuntu --login
ubuntu@v2:~$ cat /etc/ssh/sshd_config | grep Password
PasswordAuthentication yes
#PermitEmptyPasswords no
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication, then enable this but set PasswordAuthentication

That’s doesn’t seems like an issue with LXD more one with SSH. Did you add your key to the ubuntu user of that instance? This is not something LXD does automatically, you need to use cloud-init for that or do manually (using lxc exec for example).

Well I havent added any key but I do have user named ubuntu with password set via lxc exec.
Also in sshd_config, " PasswordAuthentication yes" is enabled to accept the password.

Unlike virt-manager, in lxc vm we need to provide key for ssh login ?

This shouldn’t have anything to do with the virtualization provider. You checked the main sshd_config file but that doesn’t cover the included snippets.

sshd -T | grep passwordauthentication will tell you the effective value for that setting.

grep -ri passwordauthentication /etc/ssh/ will show you all the files/snippet altering that param.

In server images, cloud-init disables password authentication in the file /etc/ssh/sshd_config.d/60-cloudimg-settings.conf.


1 Like

Thanks for the details @sdeziel1

I was not aware that ubuntu cloud images have SSH password login block enabled by default.
I understand now that it is nothing to do with LXD or any virtualization software as the whole magic is done inside the cloud-image.

Now I need to figure out how to overcome this so that I can do SSH login into the system without relying on lxc console or lxc exec

1 Like

@codingfreak, as a source of inspiration, here’s what I typically put in my default profile:

$ lxc profile show default
name: default
description: Default LXD profile
  cloud-init.user-data: |-
    - lp:sdeziel

See Ubuntu Manpage: ssh-import-id - retrieve one or more public keys from a public keyserver and append them for how ssh-import-id works as it can import from Launchpad (lp:) and GitHub (gh:).