Use the steps below and example config to create a cloud-init file that creates a user, sets their password, and enables SSH access. The Cloud Config documentation has some examples, but they don’t actually work for being able to ssh into a server and run commands via sudo
First, create a password hash with mkpasswd command:
$ mkpasswd -m sha-512 Password:$6$nq4v1BtHB8bg$Oc2TouXN1KZu7F406ELRUATiwXwyhC4YhkeSRD2z/I.a8tTnOokDeXt3K4mY8tHgW6n0l/S8EU0O7wIzo.7iw1
Make note of the output string. You need to enter it exactly in the passwd line of your cloud-init config.
This is the minimal configuration to create a user using cloud-init:
users:
- name: brandon
groups: [ sudo ]
shell: /bin/bash
lock_passwd: false
passwd: "$6$nq4v1BtHB8bg$Oc2TouXN1KZu7F406ELRUATiwXwyhC4YhkeSRD2z/I.a8tTnOokDeXt3K4mY8tHgW6n0l/S8EU0O7wIzo.7iw1"
ssh-authorized-keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1zzzBBBGGGg3BZFFzTexMPpOdq34a6OlzycjkPhsh4Qg2tSWZyXZ my-key-name
A few things that are noteworthy:
passwd field is enclosed in quotes
lock_passwd: false is required to use sudo. Otherwise, the system user account created will have a disabled password and will be unable to use sudo. You’ll just continually be asked for a password, even if you enter it correctly.
sudo group to grant access to sudo. There are other ways to make that work as well, but I feel like this is the cleanest.ubuntu user from being created.