yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1871879] [NEW] Configuring a user should not configure root's authorized_keys

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Florian Apolloner <1871879@xxxxxxxxxxxxxxxxxx>
Date: Thu, 09 Apr 2020 16:53:41 -0000
Reply-to: Bug 1871879 <1871879@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

When `ssh_authorized_keys` is configured in user-data key are
unconditionally copied into /root/.ssh/authorized_keys.

If `disable_root` is set to true it leaks the actual configured
username: "Please login as the user XYZ rather than the user root." With
`disable_root` is set to false you can login.

It would be great if there were a way to actually disable root and not
touch it at all. I fully understand that the info message is useful for
new users, but it would be great to have a way to leave root alone.

** Affects: cloud-init
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1871879

Title:
  Configuring a user should not configure root's authorized_keys

Status in cloud-init:
  New

Bug description:
  When `ssh_authorized_keys` is configured in user-data key are
  unconditionally copied into /root/.ssh/authorized_keys.

  If `disable_root` is set to true it leaks the actual configured
  username: "Please login as the user XYZ rather than the user root."
  With `disable_root` is set to false you can login.

  It would be great if there were a way to actually disable root and not
  touch it at all. I fully understand that the info message is useful
  for new users, but it would be great to have a way to leave root
  alone.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1871879/+subscriptions

Follow ups

[Bug 1871879] Re: Configuring a user should not configure root's authorized_keys
From: James Falcon, 2023-05-12