Ubuntu core image with pre configured login

Hi, I was wondering if building my own image would also let me skip the configuration phase of ubuntu core. This post says it should work.

When I try to SSH into the device with my image, though, I get a password prompt. Is there a way to skip the configuration phase from an image created via ubuntu-image?


  • model: ubuntu-core-18-pi-arm64
  • kernel: pi-kernel=18-pi
  • gadget: pi=18-pi

Slightly related question: can you also define some snap connections to be made in the image model?

With a recent version of ubuntu-image, you can use the --disable-console-conf option to turn off console-conf which then means the prompt to create a user is disabled and the device will not allow new users to be created.

If you still want to seed your own user into the image, you can create a system-user assertion for this task. See https://core.docs.ubuntu.com/en/guides/manage-devices/

Not yet, but that is something we are exploring

Hey, thanks for the answers.

From what i read, the closest you can get to automation is having a usb-stick with auto-import.assert that will setup a system user, right?

Yep. A USB stick, or some other block device that shows up in /sys/block/$dev with removable set to 1.

The assetions in the auto-import.assert file need to either be signed by the same key as the model definition, or a key defined in the system-user-authority list from the model definition.

if you have a brand store you can also use an “agent” or “config” snap that uses the snapd-control interface … that snap can then talk to the snapd API and create users via POST requests:


So, I tried out the USB stick, and it seemed to have worked, as on the screen it says to login: ssh my-name@ip

But, when i try that, i get a password prompt, wile I only added my ssh-key when running make-system-user.

Was the ssh public key part of the assertion you loaded?

Here’s a system-user assertion I used for something I was testing:

As it only includes a password, the created account only supports password authentication. If it also included a ssh-keys section, then it would also support ssh public key auth.

Hi james,

It generated a whole lot more for me, 3 types: “account”, “account-key”, and “system-user”.

Under system-user type, there is my ssh key: (edit, found out i had to use single quotes, didn’t help though).

  - ssh-rsa AAAAB3NzaC......== bart@laptop

No password to be found.

In your model assertion for the device, what is the system-user-authority key set to ?

Both authority-id and brand-id are set to my account id (as per " The simplest case" in https://core.docs.ubuntu.com/en/guides/manage-devices), I don’t have system-user-authority set.

Try setting system-user-authority to your account ID

Well, that did the trick =]

Didn’t think that’d be necessary, is that a fault in the docs, or a bug in the system to set the system user?

The extra assertions are fine. They shouldn’t be necessary if you’re signing the system-user assertion with the same key as the model assertion, but it shouldn’t hurt to include them.

If the account is correctly being created, perhaps try including a password in your assertion, and then see what gets placed in ~/.ssh/authorized_keys when you log in as the user?

I didn’t need to set system-user-authority for the model in my testing when using the same authority/key for both assertions. That shouldn’t be necessary.

1 Like

The system-user-authority when not specified defaults to the brand-id IIUC, so it is possible that it’s not necessary here, but it seems to have made it work for @bart …

If i do both, the ssh key is not even added to auto-import.assert. I guess I could have a look at .ssh/authorized by taking out the sd card (doing this on raspi) after it has made the system user with ssh key, and reading it at my laptop.

Well well well, it just worked this time…
Maybe it was my fault with the quotes around the ssh-key, and that I didn’t actually put the correct version on the USB stick or so?

Anyway, thanks a lot for all the help!