yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1871879] Re: Configuring a user should not configure root's authorized_keys

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: James Falcon <1871879@xxxxxxxxxxxxxxxxxx>
Date: Fri, 12 May 2023 05:34:48 -0000
Reply-to: Bug 1871879 <1871879@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Tracked in Github Issues as https://github.com/canonical/cloud-
init/issues/3648

** Bug watch added: github.com/canonical/cloud-init/issues #3648
   https://github.com/canonical/cloud-init/issues/3648

** Changed in: cloud-init
       Status: Triaged => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1871879

Title:
  Configuring a user should not configure root's authorized_keys

Status in cloud-init:
  Expired

Bug description:
  When `ssh_authorized_keys` is configured in user-data keys are
  unconditionally copied into /root/.ssh/authorized_keys.

  If `disable_root` is set to true it leaks the actual configured
  username: "Please login as the user XYZ rather than the user root."
  With `disable_root` set to false you can login.

  It would be great if there were a way to actually disable root and not
  touch it at all. I fully understand that the info message is useful
  for new users, but it would be great to have a way to leave root
  alone.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1871879/+subscriptions

References

[Bug 1871879] [NEW] Configuring a user should not configure root's authorized_keys
From: Florian Apolloner, 2020-04-09