[Bug 833499] [NEW] virt/disk.py unconditionally inserts public_keys into /root/.ssh/authorized_keys
Scott Moser
smoser at canonical.com
Thu Aug 25 03:26:00 UTC 2011
Public bug reported:
When cloud-init runs, it populates root's .ssh/authorized_keys with an entry like:
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"ubuntu\" rather than the user \"root\".';echo;sleep 10" ssh-rsa A....dLQ0= nova at dziban
That blocks login as root with that key, and provides the user with a
message saying to login as the "ubuntu" user instead.
This is a security choice made by Ubuntu, and nova is overriding that
choice by inserting the key into /root/.ssh/authorized_keys when the
image is being built.
Personally, I think that disks provided to nova should be provided to
the guest 100% unmodified in all cases, but at very least, this needs to
be configurable.
ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: nova-compute 2011.3~d4~20110812.1417-0ubuntu1
ProcVersionSignature: Ubuntu 3.0.0-9.14-virtual 3.0.3
Uname: Linux 3.0.0-9-virtual i686
Architecture: i386
Date: Thu Aug 25 03:19:39 2011
PackageArchitecture: all
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: nova
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: nova (Ubuntu)
Importance: Undecided
Status: New
** Tags: apport-bug ec2-images i386 oneiric uec-images
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/833499
Title:
virt/disk.py unconditionally inserts public_keys into
/root/.ssh/authorized_keys
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nova/+bug/833499/+subscriptions
More information about the Ubuntu-server-bugs
mailing list