cloud-init should be able to switch off password auth in sshd
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cloud-init |
Fix Released
|
Medium
|
Unassigned | ||
cloud-init (Ubuntu) |
Fix Released
|
Low
|
Unassigned |
Bug Description
I've had a look but I can't see any facilities within cloud-init config system to manipulate the sshd configuration settings.
ISTM that cloud-init should open up sshd to the minimum required by the users configured by the cloud-init process (or if told to widen it further).
So password auth should be off unless passwords are specified. key auth should be off unless keys are retrieved, possibly sshd should not even be started if there are no users, etc.
At the moment the image I'm generating has password auth switched off in the default config, but obviously that means if somebody specifies a passworded user in the cloud-init config, then it won't work.
As an aside is there a general move to do all the 'cloud specific config' within cloud-init rather than in the image build?
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: cloud-init (not installed)
ProcVersionSign
Uname: Linux 3.2.0-30-generic x86_64
ApportVersion: 2.0.1-0ubuntu13
Architecture: amd64
CheckboxSubmission: 55cafa5b8b82ed2
CheckboxSystem: 3e53d3ea5811723
Date: Fri Sep 21 09:53:01 2012
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
SourcePackage: cloud-init
UpgradeStatus: Upgraded to precise on 2012-05-07 (136 days ago)
Changed in cloud-init (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → Low |
Changed in cloud-init: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
> As an aside is there a general move to do all the 'cloud specific
> config' within cloud-init rather than in the image build?
Yes. Images should as much as possible be "generic ubuntu".