; Date: Sun May 31 2020
Multipass is an excellent tool for running Ubuntu on macOS or Windows laptops. Out of the box it does not enable passwordless SSH access to the Ubuntu instance, and instead you use the multipass shell command. Sometimes you need passwordless SSH access, however.
In my case I want to experiment with remote control access to Docker. To do this requires passwordless access to a Linux instance that's running Docker. What passwordless SSH means is to install ones "SSH Key" as an authorized key for a remote system. At that point you're able to use SSH to access that remote system, without it asking you for a password.
Multipass has the
multipass shell command that starts a login session inside the Multipass instance. For most intents and purposes that is fine, and I have been using Multipass for months without needing any other access method.
Out of the box this is what results:
$ ssh email@example.com The authenticity of host '192.168.64.14 (192.168.64.14)' can't be established. ECDSA key fingerprint is SHA256:+rBEXAMPLEb2MREXAMPLE4+mOukYDtkoJ4EXAMPLExs. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.64.4' (ECDSA) to the list of known hosts. firstname.lastname@example.org: Permission denied (publickey).
We know from using Multipass Ubuntu instances, that the default user account is named
ubuntu, and that Multipass assigns an IP address to the instance. That IP address can be used for example to access a service hosted inside the instance. But, as you can see, Multipass instances are not configured to allow this. Further, we do not know what the password of that Ubuntu user account is.
Any time you see
Permission denied (publickey) as the response to using SSH to access a system, it means your public key is not valid with that remote system. The universal cure is to add your public SSH key to the authorized keys of the remote system. That it's a Multipass instance doesn't make any difference, because the cure is the same.
Why do we need passwordless SSH? I've survived for months using Multipass without this. But consider an example in another post, Use Canonical's Multipass to display Linux desktop on macOS desktop and VNC, where I discuss setting up an SSH tunnel to assist running VNC.
$ ssh -L 5901:127.0.0.1:5901 -C -N -l ubuntu YOUR-SERVER-IP-ADDRESS
There are all sorts of uses for SSH tunnels, not just for setting up VNC access. And, there are many tools will use an SSH URL, like
ssh://user-name@server-name, to access a service. In other words, it depends on what you're doing in an Multipass instance as to why or whether you need passwordless SSH access.
Setting up passwordless SSH for a Multipass instance
This is so trivially easy to implement.
First off, you must have an SSH key. If you're using a Linux or macOS machine, an SSH key is easily generated using the
ssh-keygen tool. For Windows, well, I was about to say that SSH is not easily available for Windows, but I see that
OpenSSH is available in Windows 10 since October 2018. Cool. Microsoft is perhaps changing to not be the bad Microsoft of old.
At this point I'm assuming you have already run
ssh-keygen and have an SSH key.
$ ls ~/.ssh authorized_keys id_rsa id_rsa.pub known_hosts
id_rsa.pub file contains your public key. The
authorized_keys file contains the public keys that are allowed to access the computer.
An SSH public key looks like this:
cat ~/.ssh/id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EXAMPLEQABAAABAQDBAeUncZx5zWVI2Yry+pYCZSIRR88Cvt3gq5fbzerFvMcOKEXAMPLEXAMPLRLEV8L1ovH+gjO+5Ma4DNuhAKh5f21YFV7j6EXAMPLEIfmZt1l6u4BcUTEXAMPLEdvl8U8oswZ/ivVxyWhSnHMqp3FiXpCPuN9bqnTuEXAMPLEf/Fo2EXAMPLEp/wMljTn5WQBKJ8uM7tP+aEXAMPLEryDtgWe65EXAMPLENFjdAEXAMPLEP+0h/jDeh25jr1KU9yVwVEXAMPLEeNqgrLwGt/m1A8ueuaMZobyxRRDt5rNACx3BZoJEXAMPLEOUj6JHuApZqLu8IDc5t3hMhYazcmUx EXAMPLE@EXAMPLE
This is not a real SSH key, but a modified one. But once you have this block of text, you log in to the remote computer. In this case:
$ multipass shell swarm1 ... $ ls .ssh authorized_keys
Then, you simply edit that file and paste in the text of your SSH key.
You then save that file, and log out of the Multipass instance. BTW, these instructions work for any remote computer that uses OpenSSH, not just Ubuntu running inside Multipass.
$ multipass list Name State IPv4 Imageswarm1 Running 192.168.64.14 Ubuntu 20.04 LTS
Once you've done that, you can run:
$ ssh email@example.com ,,,
And you will log-in to the Multipass instance without requiring a password.