How does the linode_sshkey Terraform resource actually create the key?
The Terraform Linode provider docs state that the linode_sshkey resource CREATES the ssh key pair. This is reiterated in a few more tutorials. However, I cannot get this to work. Is the documentation correct, or does one instead have to manually create the key pair first and then reference it via this resource?
If it does create it, then how do I specify the type of key? RSA or other? Encryption level ( .. -b 4096)? Modify the permissions on the would-be created key?
What am I missing? Please provide a clear working example / explanation.
Ref: https://registry.terraform.io/providers/linode/linode/latest/docs/resources/sshkey
2 Replies
This seems to be a documentation error that should be corrected by the Linode team. Per the Terraform errors below, the linode_sshkey resource cannot create the key pair. Instead, it's looking for an existing pair, although it alludes to generating the keys elsewhere in the Terraform code. Any advice on how to do that is greatly appreciated.
╷
│ Error: Invalid function argument
│
│ on main.tf line 17, in resource "linode_sshkey" "public_ssh_key":
│ 17: ssh_key = chomp(file("~/.ssh/id_rsa.pub"))
│ ├────────────────
│ │ while calling file(path)
│
│ Invalid value for "path" parameter: no file exists at "~/.ssh/id_rsa.pub";
│ this function works only with files that are distributed as part of the
│ configuration source code, so if this file will be created by a resource in
│ this configuration you must instead obtain this result from an attribute of
│ that resource.
In the Terraform documentation, it says:
"Provides a Linode SSH Key resource. This can be used to create, modify, and delete Linodes SSH Keys."
"Create", in this sense, means create the key for the instance itself, not necessarily create the SSH key file on your local machine and the instance.
In my testing, I got the same Invalid value for "path" parameter error as you when referencing a file that did not exist on my local machine while attempting to plan my config. However, once I reconfigured the linode_sshkey resource to point to my existing SSH key file, Terraform was able to deploy the config without an issue.
terraform {
  required_providers {
    linode = {
      source  = "linode/linode"
      version = "2.9.3"
    }
  }
}

provider "linode" {
  token = "my-api-token" # placeholder for the Linode API token
}

# Registers an existing local public key with the Linode account.
resource "linode_sshkey" "terra-key" {
  label   = "terra-key"
  ssh_key = chomp(file("~/.ssh/id_rsa.pub"))
}

# Deploys an instance that trusts the registered public key.
resource "linode_instance" "vanilla-deb11-ssh" {
  image           = "linode/debian11"
  label           = "Vanilla-Deb11-ssh"
  group           = "test"
  region          = "us-east"
  type            = "g6-standard-1"
  authorized_keys = [linode_sshkey.terra-key.ssh_key]
  root_pass       = "reallystrongpassword" # placeholder root password
}
I was able to find this post from Stack Overflow titled How to create an SSH key in Terraform? that gives instructions for creating SSH keys using Terraform on AWS. I would imagine the process is somewhat similar using Linode but I haven't tested it. It's worth noting the security concerns outlined by the OP:
"In general I would only use something like the above way of generating SSH keys for very temporary dev environments that you are controlling so you don't need to pass private keys to anyone."