yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1404060] [NEW] SSH keys not updated correctly when sshd_config "AuthorizedKeysFile" contains multiple values

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Alex Gottschalk <alex.gottschalk@xxxxxxxxxxx>
Date: Fri, 19 Dec 2014 00:01:27 -0000
Reply-to: Bug 1404060 <1404060@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

I have overridden the AuthorizedKeysFile stanza in my site's
sshd_config, as follows:

AuthorizedKeysFile      %h/.ssh/authorized_keys
/etc/ssh/authorized_keys/%u

This allows two locations for authorized keys, which is useful for us
because reasons.

It looks like cloud-init is incorrectly parsing this line to determine
where to drop user keys, as I'm ending up with the following file:

"/home/ubuntu/.ssh/authorized_keys /etc/ssh/authorized_keys/ubuntu"
(note that the space is part of the directory name under .ssh)

I think cloud-init should probably treat whitespace as a field separator
here, and append keys to all AuthorizedKeysFile entries listed.

** Affects: cloud-init
     Importance: Undecided
         Status: New

** Summary changed:

- authorized_keys not updated when sshd_config "AuthorizedKeysFile" contains multiple values
+ SSH keys not updated correctly when sshd_config "AuthorizedKeysFile" contains multiple values

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1404060

Title:
  SSH keys not updated correctly when sshd_config "AuthorizedKeysFile"
  contains multiple values

Status in Init scripts for use on cloud images:
  New

Bug description:
  I have overridden the AuthorizedKeysFile stanza in my site's
  sshd_config, as follows:

  AuthorizedKeysFile      %h/.ssh/authorized_keys
  /etc/ssh/authorized_keys/%u

  This allows two locations for authorized keys, which is useful for us
  because reasons.

  It looks like cloud-init is incorrectly parsing this line to determine
  where to drop user keys, as I'm ending up with the following file:

  "/home/ubuntu/.ssh/authorized_keys /etc/ssh/authorized_keys/ubuntu"
  (note that the space is part of the directory name under .ssh)

  I think cloud-init should probably treat whitespace as a field
  separator here, and append keys to all AuthorizedKeysFile entries
  listed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1404060/+subscriptions

Follow ups

[Bug 1404060] Re: SSH keys not updated correctly when sshd_config "AuthorizedKeysFile" contains multiple values
From: James Falcon, 2023-05-10
[Bug 1404060] [NEW] SSH keys not updated correctly when sshd_config "AuthorizedKeysFile" contains multiple values
From: Alex Gottschalk, 2014-12-19

References

[Bug 1404060] [NEW] SSH keys not updated correctly when sshd_config "AuthorizedKeysFile" contains multiple values
From: Alex Gottschalk, 2014-12-19