Miscellaneous management tasks

Manage access with authorised SSH keys

Juju's SSH key management allows people other than the person who bootstrapped an environment to ssh into Juju machines. This is achieved with the juju authorised-keys command.

For syntax use juju authorised-keys --help or juju authorised-keys <sub-command> --help or see the command reference page.

Import a public SSH key from Launchpad (or Github):

juju authorised-keys import lp:some_launchpad_user

You can use add to bring in a local key if the environment does not have internet access. You will need to paste the key on the command line (or use something like $(cat key_file)).

Use the key fingerprint or comment to specify which key to delete. The fingerprint can be found with:

ssh-keygen -l -f <public or private key file>

When Juju adds/imports a key, the string "Juju:" will be prefixed to the key's comment. Juju can only manage (list or delete) the keys which it has added/imported.

Keys grant access to all machines. When a key is added, it is propagated to all machines in the environment, even those created prior to the addition of the key. When a key is deleted, it is removed from all machines.

Configure Proxy Access

Juju supports proxies and has special support for proxying APT. Proxies can be configured for the providers in the environments.yaml file, or added to an existing environment using juju set-env. The configuration options are:

  • http-proxy
  • https-proxy
  • ftp-proxy
  • no-proxy

Each protocol-specific option accepts a URL. The no-proxy option is a list of host names and addresses that services can directly connect to. For example:

http-proxy: http://proxy.example.com:9000
https-proxy: https://user@
no-proxy: localhost,

There are three additional proxy options specific to APT. Juju's default behaviour is to use the protocol-specific proxy options, but you can specify exceptions for cases where the network has a local APT mirror.

  • apt-http-proxy
  • apt-https-proxy
  • apt-ftp-proxy

For example, with squid-deb-proxy and containers running on a laptop, you can use apt-http-proxy by specifying the host machine’s network-bridge:


The proxy options are exported in all hook execution contexts, and also available in the shell through juju ssh or juju run.

Inspect API connection settings

The juju api-info command shows the settings used to connect to the Juju state-server's API. You can see the settings for all the fields (except for password) like so:

juju api-info

If you want to see the password being used, you need to either use the "--password" option:

juju api-info --password

or specify the password field as the only field to show:

juju api-info password

You can learn the value of any field by including it in the command line. For example, to discover the name of user created during the bootstrap stage, type:

juju api-info user

Recall that you can specify the environment:

juju api-info user -e local-env

© 2018 Canonical Ltd. Ubuntu and Canonical are registered trademarks of Canonical Ltd.