How to add ssh key to qcow2 Linux cloud images using virt-sysprep

in Categories , , , , last updated December 28, 2017

I have installed and setup KVM server on an Ubuntu Linux. I downloaded various .qcow2 cloud images. How do I setup public ssh keys for downloaded CentOS/FreeBSD/Ubuntu cloud images using virt-sysprep?

You need to use a command called virt-sysprep that lets you reset or unconfigure virtual machines in preparation for cloning them.

Step 1: Install virt-sysprep

Type the following apt-get command/apt command to install virt-sysprep on a Debian or Ubuntu Linux:
$ sudo apt install libguestfs-tools
If you are using a CentOS/RHEL/Oracle/Scientific Linux, type the following yum command:
$ sudo yum install libguestfs-tools
If you are using a Fedora Linux, type the following dnf command to install the same:
$ sudo dnf install libguestfs-tools

Step 2: Download cloud image in .qcow2 format

You can grab cloud images from the following sites (grab the file ending with .qcow2/.qcow2.xz extensions):

  1. CentOS 7
  2. CentOS 6.x
  3. Debian 8.x
  4. Debian 9.x
  5. Fedora 26
  6. Ubuntu 16.04 LTS
  7. FreeBSD 11.x
  8. openSUSE/SLES
  9. AWS Linux
  10. RHEL 7 (subscription only)
  11. RHEL 6(subscription only)
  12. SLES(subscription only)

For demo purpose I am downloading and using CentOS 7 image using wget command:
$ wget
Use xz command for decompression:
$ xz -v -d CentOS-7-x86_64-GenericCloud.qcow2.xz

Step 3: Setup/inject an ssh keys

To inject an ssh key so the given “USER” will be able to log in over ssh without supplying a password. The “USER” must exist already in the guest. For CentOS 7 user name is centos:
$ sudo virt-sysprep -a CentOS-7-x86_64-GenericCloud.qcow2 \
--ssh-inject centos:file:/home/vivek/.ssh/


  • --ssh-inject centos:file:/home/vivek/.ssh/ : Read the ssh key from

It is also possible to create a new user named vivek and add ssh-key as follows:
$ sudo virt-sysprep -a CentOS-7-x86_64-GenericCloud.qcow2 \
--run-command 'useradd vivek' \
--ssh-inject vivek:file:/home/vivek/.ssh/

Sample outputs:

Adding SSH key to Linux KVM cloud user vivek  using virt-sysprep
Adding SSH key to Linux KVM cloud user vivek using virt-sysprep

Step 4: Launch a new VM using CentOS-7-x86_64-GenericCloud-1503.qcow2 image

The syntax is:
$ virt-install --import \
--name centos7-vm1 \
--memory 1024 \
--vcpus 2 \
--cpu host \
--disk path=/var/lib/libvirt/images/centos7.qcow2,size=10,bus=virtio,format=qcow \
--os-type=linux \
--os-variant=centos7.0 \
--graphics spice \
--noautoconsole \
--disk /home/vivek/modifyisoimages/CentOS-7-x86_64-GenericCloud.qcow2

Step 5: Test it with ssh

To find out your vm’s IP address run:
$ virsh net-list
$ virsh net-dhcp-leases default

To login using ssh command:
$ ssh vivek@vms-ip-address-here

Other options to set ssh key for your cloud images

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Share this on (or read 0 comments/add one below):