
yahoo-eng-team team mailing list archive

[Bug 1999164] [NEW] when multiple SSH host key certificates are defined, only one HostCertificate is referenced in sshd_config

 

Public bug reported:

I'm not using a cloud provider; I'm installing Ubuntu 20.04 using
autoinstall and the bug is triggered during cloud-init with user-data
(cloud-init 22.4.2-0ubuntu0~20.04.1).

I defined 3 types of SSH host keys and certs in user-data.  All 3 keys
and certs ended up in /etc/ssh/, but in sshd_config, there is only one
HostCertificate line for the RSA key.

user-data excerpt:

#cloud-config
autoinstall:
  version: 1 
[...]
  user-data:
    timezone: UTC
    disable_root: false
    ssh_deletekeys: false
    ssh_genkeytypes: [rsa, ecdsa, ed25519]
    ssh_keys:
      rsa_private: |
        [REDACTED]
      rsa_public: |
        [REDACTED]
      rsa_certificate: |
        [REDACTED]
      ecdsa_private: |
        [REDACTED]
      ecdsa_public: |
        [REDACTED]
      ecdsa_certificate: |
        [REDACTED]
      ed25519_private: |
        [REDACTED]
      ed25519_public: |
        [REDACTED]
      ed25519_certificate: |
        [REDACTED]

Result:
in /etc/sshd/sshd_config, only one cert line: HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub

** Affects: cloud-init
     Importance: Undecided
         Status: New

** Attachment added: "cloud-init.tar.gz"
   https://bugs.launchpad.net/bugs/1999164/+attachment/5635165/+files/cloud-init.tar.gz

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1999164
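
Added example (not part of the original bug report and not cloud-init's own code): a check for the condition reported above, listing host certificate files that no HostCertificate directive references. The sample sshd_config text and the ecdsa/ed25519 file names are constructed by analogy with the RSA path in the report, and Include files are not followed.

```python
import posixpath
import re

# sshd_config keywords are case-insensitive; the argument follows whitespace or "=".
DIRECTIVE = re.compile(r"^\s*([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*?)\s*$")


def configured_host_certs(config_text):
    """Return the set of paths named by HostCertificate directives."""
    certs = set()
    for line in config_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out directives do not count
        m = DIRECTIVE.match(line)
        if m and m.group(1).lower() == "hostcertificate":
            certs.add(posixpath.normpath(m.group(2).strip('"')))
    return certs


def unreferenced_host_certs(config_text, cert_paths):
    """Return certificate files on disk that sshd_config never references."""
    configured = configured_host_certs(config_text)
    return sorted(p for p in cert_paths
                  if posixpath.normpath(p) not in configured)


# Constructed sample reproducing the reported state: three certificates
# written to /etc/ssh, one HostCertificate line in sshd_config.
SAMPLE_CONFIG = """\
# constructed sample, not taken from the attached logs
PermitRootLogin yes
#HostCertificate /etc/ssh/ssh_host_ecdsa_key-cert.pub
HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub
"""
SAMPLE_CERTS = [
    "/etc/ssh/ssh_host_rsa_key-cert.pub",
    "/etc/ssh/ssh_host_ecdsa_key-cert.pub",    # assumed name
    "/etc/ssh/ssh_host_ed25519_key-cert.pub",  # assumed name
]

if __name__ == "__main__":
    for path in unreferenced_host_certs(SAMPLE_CONFIG, SAMPLE_CERTS):
        print("no HostCertificate line for", path)
```

On a real host, pass the contents of sshd_config (or the output of `sshd -T`, which prints the effective configuration) and the result of `glob.glob("/etc/ssh/ssh_host_*_key-cert.pub")`.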
