[Bug 1220273] [NEW] spaces in comment break cloud-init disabling of root ssh

Scott Moser smoser at ubuntu.com
Tue Sep 3 14:32:35 UTC 2013


*** This bug is a security vulnerability ***

Private security bug reported:

Under bug 833499 we changed cloud-init to disable keypairs inserted by nova into /root/.ssh/authorized_keys.
It seems that that disabling is broken if the comment portion of an ssh authorized key entry has a space in it.  This is fixed in 13.04 and 13.10, but present in 12.04 and 12.10.

Normally, the comment portion of a keyname.pub entry would not have
spaces in it, but those generated by the horizon UI and by 'nova
keypair-add' do.

Reproducing the bug is easy enough:

 $ ssh-keygen -N '' -C 'My Comment Has Spaces' -f /tmp/testkey -t rsa
 $ cat /tmp/testkey.pub
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0nX6k7RdiFnK4OJOFNQuPIx/eLehnvO9DwrT7Hw9qTKxBPUChHZKkikATaD3DqNgGFgcQd1BxcY2NDwaop3tKLS36d1PGVfAyXjIhA1hnc1fkMP4dxn9u066CC/RQv2esNUTA+ItW2+9RbQNFRxMCxNRTyXlyWDzIToFjekXz3S9outDwQWcRV+4X0IbP0iSl1pD+7dxhHveaEVHA/QWOkY1yiOz+5Xqn75+LomqplF9tkQP5zvjnoKyGnDh9anaYxMQXOkpPpRaS4R2FuX6+uXo1o+MFze/Z1xqTVBOEqbutt4HmHS5rTa0lZNiTDt+JtKzo4RcAL4v+0RutIp+t My Comment Has Spaces

 $ nova keypair-show mytestkey | grep Public
 Public key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0nX6k7RdiFnK4OJOFNQuPIx/eLehnvO9DwrT7Hw9qTKxBPUChHZKkikATaD3DqNgGFgcQd1BxcY2NDwaop3tKLS36d1PGVfAyXjIhA1hnc1fkMP4dxn9u066CC/RQv2esNUTA+ItW2+9RbQNFRxMCxNRTyXlyWDzIToFjekXz3S9outDwQWcRV+4X0IbP0iSl1pD+7dxhHveaEVHA/QWOkY1yiOz+5Xqn75+LomqplF9tkQP5zvjnoKyGnDh9anaYxMQXOkpPpRaS4R2FuX6+uXo1o+MFze/Z1xqTVBOEqbutt4HmHS5rTa0lZNiTDt+JtKzo4RcAL4v+0RutIp+t My Comment Has Spaces

 $ IMAGE_ID=033cc5c7-c485-4dac-b5cd-d7e33901be63 inst-20130903-141703
 $ nova boot --key-name=mytestkey --flavor=m1.tiny --image=$IMAGE_ID mytest-instance

 ...
 $ ssh -i /tmp/testkey root@$IP

I've verified that the following are broken:
 ubuntu-released/ubuntu-precise-12.04-amd64-server-20130827-disk1.img
 ubuntu-daily/ubuntu-quantal-daily-amd64-server-20130828.3-disk1.img

But that cloud-init inside of these images is resilient:
 ubuntu-daily/ubuntu-raring-daily-amd64-server-20130827-disk1.img
 ubuntu-daily/ubuntu-saucy-daily-amd64-server-20130830-disk1.img


Related bugs:
 * bug 833499: virt/disk.py unconditionally inserts public_keys into /root/.ssh/authorized_keys

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: cloud-init 0.6.3-0ubuntu1.6
ProcVersionSignature: Ubuntu 3.2.0-52.78-virtual 3.2.48
Uname: Linux 3.2.0-52-virtual x86_64
ApportVersion: 2.0.1-0ubuntu17.4
Architecture: amd64
Date: Tue Sep  3 14:25:35 2013
Ec2AMI: ami-0000049a
Ec2AMIManifest: FIXME
Ec2AvailabilityZone: nova
Ec2InstanceType: m1.tiny
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
MarkForUpload: True
PackageArchitecture: all
ProcEnviron:
 TERM=screen
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: cloud-init
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: cloud-init (Ubuntu)
     Importance: Medium
         Status: Fix Released

** Affects: cloud-init (Ubuntu Precise)
     Importance: Medium
         Status: Triaged

** Affects: cloud-init (Ubuntu Quantal)
     Importance: Medium
         Status: Triaged

** Affects: cloud-init (Ubuntu Raring)
     Importance: Medium
         Status: Fix Released

** Affects: cloud-init (Ubuntu Saucy)
     Importance: Medium
         Status: Fix Released


** Tags: amd64 apport-bug cloud-images precise

** Information type changed from Public to Private Security

** Also affects: cloud-init (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: cloud-init (Ubuntu Quantal)
   Importance: Undecided
       Status: New

** Also affects: cloud-init (Ubuntu Raring)
   Importance: Undecided
       Status: New

** Also affects: cloud-init (Ubuntu Saucy)
   Importance: Medium
       Status: Fix Released

** Changed in: cloud-init (Ubuntu Raring)
       Status: New => Fix Released

** Changed in: cloud-init (Ubuntu Quantal)
       Status: New => Triaged

** Changed in: cloud-init (Ubuntu Precise)
       Status: New => Triaged

** Changed in: cloud-init (Ubuntu Raring)
   Importance: Undecided => Medium

** Changed in: cloud-init (Ubuntu Quantal)
   Importance: Undecided => Medium

** Changed in: cloud-init (Ubuntu Precise)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in Ubuntu.
https://bugs.launchpad.net/bugs/1220273

Title:
  spaces in comment break cloud-init disabling of root ssh

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1220273/+subscriptions
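
How a space in the key comment can defeat a disabling step, as an added example that is not part of the original report and is not cloud-init's code. `disable_naive` is a hypothetical rewriter that assumes an entry has at most three whitespace-separated fields; `disable_robust` treats everything after the key blob as the comment and refuses to pass through anything it cannot parse. The option string, the helper names and the stand-in key blob are constructed for illustration.

```python
import base64
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256")
# Constructed option string: forces a message instead of a login shell.
DISABLE_OPTS = "no-port-forwarding,command=\"echo 'Log in as a non-root user';sleep 10\""


def make_blob(keytype):
    """Constructed stand-in blob: length-prefixed key type plus filler bytes."""
    raw = struct.pack(">I", len(keytype)) + keytype.encode() + b"\x00" * 16
    return base64.b64encode(raw).decode()


def disable_naive(line, opts=DISABLE_OPTS):
    """Hypothetical fragile rewriter: expects 'type blob [one-word-comment]'."""
    fields = line.split()
    if len(fields) in (2, 3) and fields[0] in KEY_TYPES:
        return opts + " " + line
    return line  # unrecognised entry is written back unchanged, so the key still works


def blob_matches(keytype, blob):
    """True if blob is valid base64 whose embedded type string equals keytype."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:
        return False
    n = len(keytype)
    return raw[:4] == struct.pack(">I", n) and raw[4:4 + n] == keytype.encode()


def disable_robust(line, opts=DISABLE_OPTS):
    """Prefix opts onto a key entry; fail closed on anything that is not one."""
    entry = line.strip()
    if not entry or entry.startswith("#"):
        return line
    parts = entry.split(None, 2)  # type, blob, comment (comment may contain spaces)
    if len(parts) >= 2 and parts[0] in KEY_TYPES and blob_matches(parts[0], parts[1]):
        return opts + " " + entry
    raise ValueError("unparsed authorized_keys entry; refusing to leave it enabled")


# Constructed sample entry with a multi-word comment, as in the report.
SAMPLE = "ssh-rsa " + make_blob("ssh-rsa") + " My Comment Has Spaces"

if __name__ == "__main__":
    print("naive left entry unchanged:", disable_naive(SAMPLE) == SAMPLE)
    print(disable_robust(SAMPLE))
```

Entries that already carry an options prefix are outside what this narrow example parses, so `disable_robust` rejects them rather than leaving them enabled.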


