yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #10402
[Bug 1136343] Re: ssh_authorized_keys with space in comment breaks root account disabling
*** This bug is a duplicate of bug 1220273 ***
https://bugs.launchpad.net/bugs/1220273
Juerg,
sorry for the bouncing around of bug dups I just realized that this one was also a dupe of 1220273.
We can't fix this without changing behavior that someone might be relying on. Since that behavior isn't explicitly a security issue, we can't really do it.
** This bug has been marked a duplicate of bug 1220273
spaces in comment break cloud-init disabling of root ssh
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1136343
Title:
ssh_authorized_keys with space in comment breaks root account
disabling
Status in Init scripts for use on cloud images:
Fix Released
Bug description:
if there is a space in the comment portion of an ssh_authorized_key,
then the adding of a prefix is broken. That prefix would normally
provide the way to provide the "please login as user 'ubuntu'"
message. Instead, the user can go right in as root.
Reproduce cloud-config is:
#cloud-config
ssh_authorized_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3I7VUf2l5gSn5uavROsc5HRDpZdQueUq5ozemNSj8T7enqKHOEaFoU2VoPgGEWC9RyzSQVeyD6s7APMcE82EtmW4skVEgEGSbDc1pvxzxtchBj78hJP6Cf5TCMFSXw+Fz5rF1dR23QDbN1mkHs7adr8GW4kSWqU7Q7NDwfIrJJtO7Hi42GyXtvEONHbiRPOe8stqUly7MvUoN+5kfjBM8Qqpfl2+FNhTYWpMfYdPUnE7u536WqzFmsaqJctz3gBxH9Ex7dFtrxR4qiqEr9Qtlu3xGn7Bw07/+i1D+ey3ONkZLN+LQ714cgj8fRS4Hj29SCmXp5Kt5/82cD/VN3NtHw== Scott Moser
After boot, you'll see that this key is present without the prefix, and the holder of that key can go in as root.
--- Original Bug Report --
If a ssh key has a comment like "Tim Test" ssh-import-id returns 1 and adds the key to the root user without the the login message "Please login as the user "xxxx" rather than the user "root".
# cloud-ini.log
util.py[DEBUG]: Failed to run command to import vm-user ssh ids#012Traceback (most recent call last):#012 File "/usr/lib/python2.7/dist-packages/cloudinit/config/cc_ssh_import_id.py", line 97, in import_ssh_ids#012 util.subp(cmd, capture=False)#012 File "/usr/lib/python2.7/dist-packages/cloudinit/util.py", line 1429, in subp#012 cmd=args)#012ProcessExecutionError: Unexpected error while running command.#012Command: ['sudo', '-Hu', 'vm-user', 'ssh-import-id', 'vm-user']#012Exit code: 1#012Reason: -#012Stdout: ''#012Stderr: ''
Feb 28 19:57:14 host-5-57-41-6 [CLOUDINIT] util.py[WARNING]: Running ssh-import-id (<module 'cloudinit.config.cc_ssh_import_id' from '/usr/lib/python2.7/dist-packages/cloudinit/config/cc_ssh_import_id.pyc'>) failed
# config
#part-001
#cloud-config
ssh_pwauth: false
apt_update: true
resize_rootfs: true
ssh_import_id: [xxxxx]
ssh_authorized_keys:
- ssh-rsa AAAB3NzaC1yc2EAAAADAQABAAABAQDBMjYcppgCFyEFyJZYKgGZccl7LEVE7tb74iXnB1jq22HUTaS7BuWmBte/VA9KIsexs2k3gUZFg1DV94nnRMctYPsDL31Re8kB+sTIsKZKoO0smfDO7NWXQdOw2fM9tYxUtbesfeadTOpzzOhoYSIkkNyL40zZC6OlVd34AczPoZ6KUZ8vE9MIcLS6T11OBrHmR9DCmjDoyydBvxVx1/k3uvoWO83Ex/iFnu0b4S/+4uQKM5B5ntwwPD/DEccq4/e3BJ7zXK86DvKkkRu3tnksD7owRRKPrtAPWzgSXNiEiFKeMdgWYsggCX5cbjMbkv3j6bjagQn9v7/K/KBOdm== Tim Test
packages:
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1136343/+subscriptions