yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1658174] Re: cloud-init fails to disable ecdsa-sha2-nitp521 keys

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Scott Moser <smoser@xxxxxxxxxx>
Date: Sat, 23 Sep 2017 02:14:57 -0000
Reply-to: Bug 1658174 <1658174@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug is believed to be fixed in cloud-init in 17.1. If this is still
a problem for you, please make a comment and set the state back to New

Thank you.

** Changed in: cloud-init
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1658174

Title:
  cloud-init fails to disable ecdsa-sha2-nitp521 keys

Status in cloud-init:
  Fix Released

Bug description:
  cloud-init adds ssh_authorized_keys to the default user fedora and to
  root but for root it disables the keys with a prefix command that
  echoes the helpful message:

  'Please login as the user "fedora" rather than the user "root".'

  However, if the key is of type ecdsa-sha2-nistp521, it is not parsed
  correctly, and the prefix command is not prepended.

  This means that ECDSA keys can be used to login to root.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1658174/+subscriptions

References

[Bug 1658174] [NEW] cloud-init fails to disable ecdsa-sha2-nitp521 keys
From: Lars Kellogg-Stedman, 2017-01-20