DO Ideas 2

When rebuilding, let me choose the ssh keys

Currently when rebuilding the control panel doesn't let me choose the ssh keys I want. Maybe I want to include new ones, added since the droplet was first created; maybe I want to drop keys I deem insecure.

It's not just about convenience: having this feature would ensure that the droplet keeps the same IP.

Cheers!

  • Ezequiel Garzon
  • Sep 11 2018
  • Attach files
  • Sean Anderson commented
    September 11, 2018 19:23

    It's sad to see the first comments on this.
    Saying they're going to give us the feature 5 years ago, cheers over it and everything.
    And here I am, wondering why this isn't a thing.
    It is SUCH A PAIN to use your console, I am glad that it is there but dread ever having to use it.
    But I have to to get into my newly rebuilt server.
    And you send me a password that is painful to type into your painfully slow console.
    A paste feature would go a long way to alleviating the hate I have for that console.

  • Christian Genco commented
    September 11, 2018 19:24

    +1

  • rrs209 commented
    September 11, 2018 19:24

    +1 Also ran into this issue today.

  • Ladislav Šulc commented
    September 11, 2018 19:24

    Hi, I just rebuilded the droplet and cannot access it via SSH - keys are obviously gone and couldn't choose them.

  • Amanda commented
    September 11, 2018 19:24

    I just ran into this issue too.

  • Cos commented
    September 11, 2018 19:24

    BTW, just in case some of you don't know this, you *can* at least look at the list of ssh keys for your droplet while it's up. Just do "curl http://169.254.169.254/metadata/v1/public-keys" from the droplet itself - only the droplet has access to this info; it cannot be seen from the UI or anywhere else. This is the set of keys that will be installed on your droplet when you rebuild it. You cannot change it, you can only look at it.

    I didn't know about this and it seems well hidden in the documentation unless you know what to look for. I only found out about it after a round of back and forth with digitalocean support, asking them pointed questions after they told me that they don't store ssh keys for a droplet (which is obviously not true).

  • Anonymous commented
    September 11, 2018 19:24

    As an update on this, I was just told by DO support that you need to delete the droplet. It's clear they have no intention of ever implementing this, so if you've ended up at this thread, give up now.

  • Jesse Jones commented
    September 11, 2018 19:24

    I'd like to add, the instance was *built* with this SSH key... which no longer seems to be present after rebuilding. I don't know if the new interface doesn't "remember" the keys or what, but it's very frustrating!

  • Jesse Jones commented
    September 11, 2018 19:24

    It's kinda shameful that this request has languished for over two years with no response. I just tried to rebuild an instance that *had* my SSH keys on it, and after the rebuild I was no longer able to authenticate with my keys!

    It really makes sense to let people select SSH keys when they rebuild (and keep the same IP).

  • Chris Kozak commented
    September 11, 2018 19:24

    Helllooooooo

  • Anonymous commented
    September 11, 2018 19:24

    So sad that this hasn't been implemented, this may force me to move to a different platform.

  • Chris Kozak commented
    September 11, 2018 19:24

    Has any progress been made on this?

  • Oliver Nordbjerg commented
    September 11, 2018 19:24

    > should be ready within the next 1-2 weeks.
    > 6 months later, still nothing

  • Moisey Uretsky commented
    September 11, 2018 19:24

    We will be adding this to the latest CP and ensuring that it's also supported in the API - should be ready within the next 1-2 weeks.

    Thanks!

  • Giles Thomas commented
    September 11, 2018 19:24

    Excellent, it would be great if rebuild took the same options as create. Just in case it's of use, here's my use case:

    * I want a constant IP for my droplet so that I can host a website.
    * I want to be able to recreate the server from scratch from any of my machines (laptop, desktop, etc), and prefer to have separate private keys for each.
    * This means that I have a script that finds the droplet's ID, then rebuilds it, then logs in and does a bunch of apt-get, upload config file, etc. stuff to configure it.
    * That script obviously needs to be able to log in to the freshly-rebuilt server, so it needs an ssh key that will work from the machine where it's being run.
    * With the current API, I can only use ssh keys that the droplet was originally created with, so that means that if I get a new laptop I'll either have to reuse an old ssh key (which is not great securitywise) or create a fresh droplet (which means I would lose the IP address).

    So, obviously, being able to say "rebuild with these keys" would be a big win for me.

    BTW another way to get the same effect would be the ability to use an old IP with a new droplet, as then people with similar use cases to mine would be able to start a completely fresh droplet with new keys, then switch the IP over. AWS's Elastic IPs work this way -- we use them at work, and it means that we can create a completely new web server, then once it's ready we switch over the IP so that the old server loses it and the new one gets it, so you get a minimal-downtime rebuild. They make sure that people don't horde IPs by saying that you pay for any that aren't currently bound to a running machine. If you're looking for new features to add then please consider doing something equivalent!

  • Moisey Uretsky commented
    September 11, 2018 19:24

    Thanks =]

  • Ezequiel Garzon commented
    September 11, 2018 19:24

    Moisey, this is plain amazing. The attention to feedback (even if this was already planned) is unmatched! DO will take over!

    Cheers!

  • Moisey Uretsky commented
    September 11, 2018 19:24

    Hi,

    We're going to be updating the rebuild feature so that it has all of the same options as create.