### SSH key pair automation

The VirtualBox builders can inject the current SSH key pair's public key into the template using the `SSHPublicKey` template engine. This is the SSH public key as a line in OpenSSH authorized_keys format.

When a private key is provided using `ssh_private_key_file`, the key's corresponding public key can be accessed using the above engine.

@include 'packer-plugin-sdk/communicator/SSH-Private-Key-File-not-required.mdx'

If `ssh_password` and `ssh_private_key_file` are not specified, Packer will automatically generate an ephemeral key pair. The key pair's public key can be accessed using the template engine.

For example, the public key can be provided in the boot command as a URL-encoded string by appending `| urlquery` to the variable:

In JSON:

```json
"boot_command": [
  " text ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks.cfg PACKER_USER={{ user `username` }} PACKER_AUTHORIZED_KEY={{ .SSHPublicKey | urlquery }}"
]
```

In HCL2:

```hcl
boot_command = [
  " text ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks.cfg PACKER_USER={{ user `username` }} PACKER_AUTHORIZED_KEY={{ .SSHPublicKey | urlquery }}"
]
```

A kickstart could then leverage those fields from the kernel command line by decoding the URL-encoded public key:

```shell
%post

# Newly created users need the file/folder framework for SSH key authentication.
umask 0077
mkdir /etc/skel/.ssh
touch /etc/skel/.ssh/authorized_keys

# Loop over the command line. Set interesting variables.
for x in $(cat /proc/cmdline)
do
  case $x in
    PACKER_USER=*)
      PACKER_USER="${x#*=}"
      ;;
    PACKER_AUTHORIZED_KEY=*)
      # URL decode $encoded into $PACKER_AUTHORIZED_KEY
      encoded=$(echo "${x#*=}" | tr '+' ' ')
      printf -v PACKER_AUTHORIZED_KEY '%b' "${encoded//%/\\x}"
      ;;
  esac
done

# Create/configure packer user, if any.
if [ -n "$PACKER_USER" ]
then
  useradd "$PACKER_USER"
  echo "%$PACKER_USER ALL=(ALL) NOPASSWD: ALL" >> "/etc/sudoers.d/$PACKER_USER"
  # Look up the home directory without eval, so the value taken from the
  # kernel command line is never re-parsed as shell code.
  home=$(getent passwd "$PACKER_USER" | cut -d: -f6)
  [ -n "$PACKER_AUTHORIZED_KEY" ] && echo "$PACKER_AUTHORIZED_KEY" >> "$home/.ssh/authorized_keys"
fi

%end
```
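A stricter variant of the decoding step above, as an added example rather than code from the Packer documentation: it decodes the `urlquery`-encoded value in POSIX shell and accepts it only if it is a single `authorized_keys` line that begins with a key type. The function names and the sample key blob are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode and validate PACKER_AUTHORIZED_KEY before trusting it.
# Function names are hypothetical; the sample key blob below is constructed.

# Decode a urlquery-encoded value ('+' is a space, %XX is a byte).
# Fails on malformed escapes and on control bytes such as %0A, so the
# decoded value can never span more than one authorized_keys line.
urldecode() {
    s=$(printf '%s' "$1" | tr '+' ' ')
    out=
    while [ -n "$s" ]; do
        case $s in
            %[0-9A-Fa-f][0-9A-Fa-f]*)
                hex=${s#?}; hex=${hex%"${hex#??}"}
                n=$((0x$hex))
                if [ "$n" -lt 32 ] || [ "$n" -eq 127 ]; then return 1; fi
                out=$out$(printf "\\$(printf '%03o' "$n")")
                s=${s#???} ;;
            %*) return 1 ;;
            *)  out=$out${s%"${s#?}"}
                s=${s#?} ;;
        esac
    done
    printf '%s\n' "$out"
}

# Accept only "<key type> <base64 blob> [comment]": no leading options field.
valid_key_line() {
    keytype=${1%% *}; rest=${1#* }; blob=${rest%% *}
    case $keytype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac
}

# Print the decoded key only if it passes both checks.
authorized_key_from_cmdline() {
    key=$(urldecode "$1") || return 1
    valid_key_line "$key" || return 1
    printf '%s\n' "$key"
}

# Constructed sample, shaped like the output of {{ .SSHPublicKey | urlquery }}.
sample='ssh-ed25519+AAAAC3NzaC1lZDI1NTE5AAAAIConstructedBlob%2BNot%2FReal%3D+packer'
authorized_key_from_cmdline "$sample"
```

In the kickstart, the `PACKER_AUTHORIZED_KEY=*` branch would call `authorized_key_from_cmdline "${x#*=}"` and leave the variable empty when the call fails.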