
yahoo-eng-team team mailing list archive

[Bug 1839061] Re: Wrong access permissions of authorized keys directory when using root-owned location


Tracked in Github Issues as https://github.com/canonical/cloud-init/issues/3417

** Bug watch added: github.com/canonical/cloud-init/issues #3417
   https://github.com/canonical/cloud-init/issues/3417

** Changed in: cloud-init
       Status: Triaged => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1839061

Title:
  Wrong access permissions of authorized keys directory when using root-owned location

Status in cloud-init:
  Expired

Bug description:
  When using a central, root-owned directory to store ssh keys, cloud-init
  changes the permissions of the key directory which renders the keys
  unusable.

  I'm using a similar approach as described here:
  https://www.ssh.com/ssh/key/
  MOVING SSH KEYS TO A ROOT-OWNED LOCATION

  but I'm using the config

      AuthorizedKeysFile /etc/ssh/keys/%u

  In the original image, the permissions of the keys directory
  /etc/ssh/keys are 0755 - owned by root:root. It contains all the keys
  of the users. All keys have 0644 permissions and are also owned by
  root:root. (The background: Users are not allowed to change their ssh
  keys.)

  After the machine boots and cloud-init finishes, the permissions of
  the key directory /etc/ssh/keys are 0700 and it is impossible to use
  key-authentication, because sshd cannot access the key files.

  IMHO the reason for this is that cloud-init changes the permissions of
  the keys directory

  https://git.launchpad.net/cloud-init/tree/cloudinit/ssh_util.py#n259

          util.ensure_dir(os.path.dirname(auth_key_fn), mode=0o700)

  which is wrong in this use case.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1839061/+subscriptions
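The failure mode in the description above, modelled as an added example (not cloud-init's or OpenSSH's code): a mode-bit check over a constructed root-owned layout shows why `ensure_dir(..., mode=0o700)` breaks a central `AuthorizedKeysFile /etc/ssh/keys/%u`. It assumes sshd opens the key file with the target user's uid (the privsep behaviour for non-root users), so a 0700 root-owned parent directory blocks the lookup even though root itself could read the file; the user `alice`, uid/gid 1000 and the `fs_layout` data are constructed.

```python
import stat
from typing import Optional

# Constructed sample of the sshd_config line quoted in the report.
SSHD_CONFIG = "AuthorizedKeysFile /etc/ssh/keys/%u\n"

# Constructed filesystem metadata: path -> (st_mode, st_uid, st_gid).
# Everything is root-owned as in the report; only the keys dir mode varies.
def fs_layout(keys_dir_mode: int) -> dict:
    return {
        "/etc": (stat.S_IFDIR | 0o755, 0, 0),
        "/etc/ssh": (stat.S_IFDIR | 0o755, 0, 0),
        "/etc/ssh/keys": (stat.S_IFDIR | keys_dir_mode, 0, 0),
        "/etc/ssh/keys/alice": (stat.S_IFREG | 0o644, 0, 0),
    }

def authorized_keys_path(sshd_config: str, user: str) -> str:
    """Expand the first AuthorizedKeysFile entry for `user` (only %u is handled)."""
    for line in sshd_config.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].lower() == "authorizedkeysfile":
            return parts[1].replace("%u", user)
    return f"/home/{user}/.ssh/authorized_keys"  # sshd's default first entry

def _allowed(entry, uid: int, gid: int, need: int) -> bool:
    """Plain DAC check: apply the user, group or other bit class for uid/gid."""
    mode, owner, group = entry
    if uid == owner:
        shift = 6
    elif gid == group:
        shift = 3
    else:
        shift = 0
    return ((mode >> shift) & need) == need

def key_file_readable(layout: dict, path: str, uid: int, gid: int) -> Optional[str]:
    """Return None if uid/gid can traverse every parent dir and read `path`,
    otherwise the first path component that blocks access."""
    parts = path.strip("/").split("/")
    for i in range(1, len(parts) + 1):
        prefix = "/" + "/".join(parts[:i])
        need = 0o4 if i == len(parts) else 0o1   # r on the file, x on each dir
        if prefix not in layout or not _allowed(layout[prefix], uid, gid, need):
            return prefix
    return None

if __name__ == "__main__":
    path = authorized_keys_path(SSHD_CONFIG, "alice")
    for label, mode in (("image as built", 0o755), ("after cloud-init", 0o700)):
        blocker = key_file_readable(fs_layout(mode), path, uid=1000, gid=1000)
        print(f"{label}: {'ok' if blocker is None else 'blocked at ' + blocker}")
```

Running it reports `ok` for the 0755 image and `blocked at /etc/ssh/keys` after the directory is forced to 0700, which is the symptom the report describes.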
