← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #10402

[Bug 1136343] Re: ssh_authorized_keys with space in comment breaks root account disabling

  Thread PreviousDate PreviousThread Next 
*** This bug is a duplicate of bug 1220273 ***
    https://bugs.launchpad.net/bugs/1220273

Juerg,
  sorry for the bouncing around of bug dups I just realized that this one was also a dupe of 1220273.
  We can't fix this without changing behavior that someone might be relying on.  Since that behavior isn't explicitly a security issue, we can't really do it.

** This bug has been marked a duplicate of bug 1220273
   spaces in comment break cloud-init disabling of root ssh

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1136343

Title:
  ssh_authorized_keys with space in comment breaks root account
  disabling

Status in Init scripts for use on cloud images:
  Fix Released

Bug description:
  if there is a space in the comment portion of an ssh_authorized_key,
  then the adding of a prefix is broken.  That prefix would normally
  provide the way to provide the "please login as user 'ubuntu'"
  message.  Instead, the user can go right in as root.

  Reproduce cloud-config is:
    #cloud-config
    ssh_authorized_keys:
     - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3I7VUf2l5gSn5uavROsc5HRDpZdQueUq5ozemNSj8T7enqKHOEaFoU2VoPgGEWC9RyzSQVeyD6s7APMcE82EtmW4skVEgEGSbDc1pvxzxtchBj78hJP6Cf5TCMFSXw+Fz5rF1dR23QDbN1mkHs7adr8GW4kSWqU7Q7NDwfIrJJtO7Hi42GyXtvEONHbiRPOe8stqUly7MvUoN+5kfjBM8Qqpfl2+FNhTYWpMfYdPUnE7u536WqzFmsaqJctz3gBxH9Ex7dFtrxR4qiqEr9Qtlu3xGn7Bw07/+i1D+ey3ONkZLN+LQ714cgj8fRS4Hj29SCmXp5Kt5/82cD/VN3NtHw== Scott Moser

  
  After boot, you'll see that this key is present without the prefix, and the holder of that key can go in as root.

  --- Original Bug Report --
  If a ssh key has a comment like "Tim Test" ssh-import-id returns 1 and adds the key to the root user without the the login message "Please login as the user "xxxx" rather than the user "root".

  # cloud-ini.log

  util.py[DEBUG]: Failed to run command to import vm-user ssh ids#012Traceback (most recent call last):#012  File "/usr/lib/python2.7/dist-packages/cloudinit/config/cc_ssh_import_id.py", line 97, in import_ssh_ids#012    util.subp(cmd, capture=False)#012  File "/usr/lib/python2.7/dist-packages/cloudinit/util.py", line 1429, in subp#012    cmd=args)#012ProcessExecutionError: Unexpected error while running command.#012Command: ['sudo', '-Hu', 'vm-user', 'ssh-import-id', 'vm-user']#012Exit code: 1#012Reason: -#012Stdout: ''#012Stderr: ''
  Feb 28 19:57:14 host-5-57-41-6 [CLOUDINIT] util.py[WARNING]: Running ssh-import-id (<module 'cloudinit.config.cc_ssh_import_id' from '/usr/lib/python2.7/dist-packages/cloudinit/config/cc_ssh_import_id.pyc'>) failed

  # config

  #part-001
  #cloud-config
  ssh_pwauth: false
  apt_update: true
  resize_rootfs: true
  ssh_import_id: [xxxxx]
  ssh_authorized_keys:
   - ssh-rsa AAAB3NzaC1yc2EAAAADAQABAAABAQDBMjYcppgCFyEFyJZYKgGZccl7LEVE7tb74iXnB1jq22HUTaS7BuWmBte/VA9KIsexs2k3gUZFg1DV94nnRMctYPsDL31Re8kB+sTIsKZKoO0smfDO7NWXQdOw2fM9tYxUtbesfeadTOpzzOhoYSIkkNyL40zZC6OlVd34AczPoZ6KUZ8vE9MIcLS6T11OBrHmR9DCmjDoyydBvxVx1/k3uvoWO83Ex/iFnu0b4S/+4uQKM5B5ntwwPD/DEccq4/e3BJ7zXK86DvKkkRu3tnksD7owRRKPrtAPWzgSXNiEiFKeMdgWYsggCX5cbjMbkv3j6bjagQn9v7/K/KBOdm== Tim Test
  packages:

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1136343/+subscriptions
  Thread PreviousDate PreviousThread Next