How to avoid having to type password on nixops deploy

When I try to run nixops deploy on a network I have previously configured,it ask me for the root password of the nodes. How do I avoid it? I see that thedeployment.provisionSSHKey defaults to true, yet how do I use it without typing the password?

You can add your SSH key to the root user’s authorized keys

https://search.nixos.org/options?channel=21.11&show=users.users.<name>.openssh.authorizedKeys.keys&from=0&size=50&sort=relevance&type=packages&query=authorized

So what does deployment.provisionSSHKey do?

It is supposed to work like you say, so I’m not sure without seeing your whole config and workflow. If you used lib.mkForce on users.users.root.openssh.authorizedKeys.keys, that could override the nixops config. Another possibility is the state file isn’t being kept around.

You could look in /etc/ssh/authorized_keys.d/root to see what is there.

yes,there is a key file in that path

however even with that public key it still ask me for password

I was having a similar issue, and what I found out, is that apparently after the first login, nixops creates its own public+private key pair for logging into a machine. The private key is then stored in the SQLite “nixops state” database, linked to the machine. Any subsequent nixops logins to the machine try to use this private key stored in SQLite (for example, try: nixops ssh $machine_name). If, for some reason, the corresponding public key disappears from the “authorized_keys” list on the remote machine, nixops becomes confused and fails to further login into it.

At least that was what happened in my case. I’m just beginning my learning of nixops, so I’m not sure if what I did was right, but I resolved it with: nixops delete-resources followed by: nixops deploy. I don’t know if there’s a better way.