I've found my experience with LXD on Ubuntu 24.04 LTS to be extremely pleasant so far. Having recently moved on from HashiCorp's Vagrant and VirtualBox setup, I did so for two primary reasons. The first was the overhead associated with installing both tools, and the second was the resource-intensive nature of running full virtual machines within VirtualBox. While I had a positive experience with my Vagrant and VirtualBox setup on my robust home lab workstation, moving to LXD (installed as a snap) on my Ubuntu system has unlocked a wealth of possibilities for my various home lab projects. The ease of using both LXC containers and KVM/QEMU virtual machines has provided a local, cloud-esque environment, significantly reducing the need for costly cloud hosting.
Provisioning SSH public keys to Vagrant/VirtualBox VMs involved either a sequence of shell commands or leveraging Ansible's local provisioner in conjunction with Vagrant. This repetitive process, though manageable, was a standard part of the workflow. When it comes to LXD setup for ssh key management, there is a simple way to achieve it.
LXD comes with default profile after the initial setup process. Run the following command to view it.
After updating the config file, verify it with lxc profile show default to ensure that it takes the configuration correctly. Then let's spin up some LXC containers and KVM/QEMU virtual machines to test the ssh key authentication as below.
# Spin up 3 LXC containers to test
tyla@e32:~$ for i in {1..3}; do lxc launch ubuntu:24.04 ct$i; done
Launching ct1
Launching ct2
Launching ct3
# Check the ip address of ct1 container
tyla@e32:~$ lxc list
+------+---------+---------------------+-----------------------------------------------+-----------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+------+---------+---------------------+-----------------------------------------------+-----------+-----------+
| ct1 | RUNNING | 10.18.34.39 (eth0) | fd42:2751:df65:31e1:216:3eff:fe06:7a59 (eth0) | CONTAINER | 0 |
+------+---------+---------------------+-----------------------------------------------+-----------+-----------+
| ct2 | RUNNING | 10.18.34.23 (eth0) | fd42:2751:df65:31e1:216:3eff:fed7:a586 (eth0) | CONTAINER | 0 |
+------+---------+---------------------+-----------------------------------------------+-----------+-----------+
| ct3 | RUNNING | 10.18.34.187 (eth0) | fd42:2751:df65:31e1:216:3eff:fed3:881c (eth0) | CONTAINER | 0 |
+------+---------+---------------------+-----------------------------------------------+-----------+-----------+
# SSH into ct1 with the username ubuntu
tyla@e32:~$ ssh ubuntu@10.18.34.39
The authenticity of host '10.18.34.39 (10.18.34.39)' can't be established.
ED25519 key fingerprint is SHA256:JOm+4h6HAWWQdsnrzOBJeCb4vn9kmBMUYtTysFAhPQQ.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.18.34.39' (ED25519) to the list of known hosts.
Welcome to Ubuntu 24.04.2 LTS (GNU/Linux 6.8.0-60-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/pro
System information as of Sun May 25 09:18:55 UTC 2025
System load: 0.52
Usage of /: 2.7% of 17.63GB
Memory usage: 0%
Swap usage: 0%
Temperature: 39.0 C
Processes: 22
Users logged in: 0
IPv4 address for eth0: 10.18.34.39
IPv6 address for eth0: fd42:2751:df65:31e1:216:3eff:fe06:7a59
Expanded Security Maintenance for Applications is not enabled.
0 updates can be applied immediately.
Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status
The list of available updates is more than a week old.
To check for new updates run: sudo apt update
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
ubuntu@ct1:~$
logout
Connection to 10.18.34.39 closed.
# Verify the default profile's used_by: key
tyla@e32:~$ lxc profile show default
name: default
description: Default LXD profile
config:
user.user-data: |
#cloud-config
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEw29dm54JK5se8JxdWdt2MC8CSw8VICRcBQBZPxYAbS tyla
devices:
eth0:
name: eth0
network: lxdbr0
type: nic
root:
path: /
pool: default
type: disk
used_by:
- /1.0/instances/ct1
- /1.0/instances/ct2
- /1.0/instances/ct3
# Cleanup the containers
tyla@e32:~$ for i in {1..3}; do lxc delete ct$i --force; done
# Spin up 3 KVM/QEMU virtual machines to test
tyla@e32:~$ for i in {1..3}; do lxc launch ubuntu:24.04 vm$i --vm; done
Launching vm1
Launching vm2
Launching vm3
# Check the ip address of vm1
tyla@e32:~$ lxc list
+------+---------+----------------------+-------------------------------------------------+-----------------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+------+---------+----------------------+-------------------------------------------------+-----------------+-----------+
| vm1 | RUNNING | 10.18.34.22 (enp5s0) | fd42:2751:df65:31e1:216:3eff:fe98:d591 (enp5s0) | VIRTUAL-MACHINE | 0 |
+------+---------+----------------------+-------------------------------------------------+-----------------+-----------+
| vm2 | RUNNING | 10.18.34.88 (enp5s0) | fd42:2751:df65:31e1:216:3eff:fe65:2fbc (enp5s0) | VIRTUAL-MACHINE | 0 |
+------+---------+----------------------+-------------------------------------------------+-----------------+-----------+
| vm3 | RUNNING | 10.18.34.69 (enp5s0) | fd42:2751:df65:31e1:216:3eff:fe36:f7bb (enp5s0) | VIRTUAL-MACHINE | 0 |
+------+---------+----------------------+-------------------------------------------------+-----------------+-----------+
# SSH into the vm1 with username ubuntu
tyla@e32:~$ ssh ubuntu@10.18.34.22
The authenticity of host '10.18.34.22 (10.18.34.22)' can't be established.
ED25519 key fingerprint is SHA256:mmZsuBe9nrnWyePdUSOTn/ad+26iTd1KgQ7e5vL7Hco.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.18.34.22' (ED25519) to the list of known hosts.
Welcome to Ubuntu 24.04.2 LTS (GNU/Linux 6.8.0-60-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/pro
System information as of Sun May 25 09:27:40 UTC 2025
System load: 0.42
Usage of /: 18.2% of 8.65GB
Memory usage: 19%
Swap usage: 0%
Processes: 121
Users logged in: 0
IPv4 address for enp5s0: 10.18.34.22
IPv6 address for enp5s0: fd42:2751:df65:31e1:216:3eff:fe98:d591
Expanded Security Maintenance for Applications is not enabled.
0 updates can be applied immediately.
Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status
The list of available updates is more than a week old.
To check for new updates run: sudo apt update
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
ubuntu@vm1:~$
logout
Connection to 10.18.34.22 closed.
# Verify the default profile's used_by: key
tyla@e32:~$ lxc profile show default
name: default
description: Default LXD profile
config:
user.user-data: |
#cloud-config
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEw29dm54JK5se8JxdWdt2MC8CSw8VICRcBQBZPxYAbS tyla
devices:
eth0:
name: eth0
network: lxdbr0
type: nic
root:
path: /
pool: default
type: disk
used_by:
- /1.0/instances/vm1
- /1.0/instances/vm2
- /1.0/instances/vm3
# Cleanup the virtual machines
tyla@e32:~$ for i in {1..3}; do lxc delete vm$i --force; done
