SSH key options are not respected when user is root

Bug #1924614 reported by Tris Emmy Wilson
Affects: cloud-init
Status: Expired
Importance: Low
Assigned to: Unassigned
Milestone: (none)

Bug Description

In user data, if "user" is set to "root" and "ssh_authorized_keys" are set, any SSH key options are ignored. For example, with the following:

    user: root
    ssh_authorized_keys:
      - cert-authority,principals="globalroot" ssh-ed25519 SomeEd25519Key Global User Issuing CA

...the following ends up in ~root/.ssh/authorized_keys:

    ssh-ed25519 SomeEd25519Key Global User Issuing CA

However, the SSH key options are respected when "user" is not set to root.

I think, but am not sure, that this is due to an oversight in the `apply_credentials` method in `cc_ssh.py`. In this snippet:

    if disable_root:
        if not user:
            user = "NONE"
        key_prefix = disable_root_opts.replace('$USER', user)
        key_prefix = key_prefix.replace('$DISABLE_USER', 'root')
    else:
        key_prefix = ''

"key_prefix" being set to the empty string causes "ssh_util.setup_user_keys" to pass a non-None value to AuthKeyLineParser.parse, causing it to ignore the options set on the key in favor of the empty string. I think setting "key_prefix = None" here may fix the problem but don't know enough about the cloud-init development process + what the security implications of this might be.

I'm testing in a Proxmox 6 environment using the Debian 10 OpenStack cloud-init image.
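The parsing behaviour the report describes can be reproduced without cloud-init. The following is an added example, not code from cloud-init or from the reporter: it is a small authorized_keys line parser modelled on the behaviour described above (a caller-supplied options string, even an empty one, replaces the options present on the key line, while None keeps them). The key material and the `setup_keys` / `options_preserved` helper names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Key types accepted by the parser (a subset; assumption, not cloud-init's list).
KEY_TYPES = {
    "ssh-ed25519", "ssh-rsa", "ssh-dss",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}

# Constructed sample line shaped like the one in the report; the key data is a placeholder.
SAMPLE_LINE = (
    'cert-authority,principals="globalroot" '
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYDATA "
    "Global User Issuing CA"
)


@dataclass
class AuthKeyLine:
    options: str
    keytype: str
    base64: str
    comment: str

    def render(self) -> str:
        # Empty fields (e.g. no options, no comment) are simply omitted.
        return " ".join(p for p in (self.options, self.keytype, self.base64, self.comment) if p)


def _split_options(line: str) -> Tuple[str, str]:
    """Split a leading options field from the rest of the line.

    The options field ends at the first whitespace that is outside double
    quotes, so values such as principals="a b" survive intact.
    """
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            return line[:i], line[i + 1:].lstrip()
    return line, ""


def parse(line: str, options: Optional[str] = None) -> AuthKeyLine:
    """Parse one authorized_keys line.

    If `options` is not None it replaces whatever options the line carries;
    this is the behaviour the report attributes to passing key_prefix=''.
    """
    line = line.strip()
    head = line.split(None, 1)
    if head and head[0] in KEY_TYPES:
        line_opts, rest = "", line           # no options field present
    else:
        line_opts, rest = _split_options(line)

    fields = rest.split(None, 2)
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        raise ValueError(f"not an authorized_keys entry: {line!r}")
    comment = fields[2] if len(fields) == 3 else ""

    effective_opts = line_opts if options is None else options
    return AuthKeyLine(effective_opts, fields[0], fields[1], comment)


def setup_keys(lines: List[str], key_prefix: Optional[str]) -> List[str]:
    """Render the lines as they would be written, given a key_prefix value."""
    return [parse(entry, options=key_prefix).render() for entry in lines]


def options_preserved(lines: List[str], key_prefix: Optional[str]) -> bool:
    """True when every key keeps the options it was given in user data."""
    return all(parse(e).options == parse(e, options=key_prefix).options for e in lines)


if __name__ == "__main__":
    for prefix in ("", None):
        print(f"key_prefix={prefix!r}: {setup_keys([SAMPLE_LINE], prefix)[0]}")
```

Run as a script, the `''` case prints the line without its `cert-authority,principals="globalroot"` field, matching what the report says lands in `~root/.ssh/authorized_keys`, and the `None` case prints the line unchanged. `options_preserved` is the check a regression test for this behaviour would make.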

Paride Legovini (paride) wrote :

Hello Tris and thanks for your bug report. I agree with your findings and could reproduce the issue. The fact that key_prefix is set to the empty string is likely to be the culprit, as you found out already.

Changed in cloud-init:
status: New → Triaged
importance: Undecided → Low
shixuantong (sxt1001) wrote :

I find that the preceding solution is not merged and has been automatically closed. Can you submit it again?

James Falcon (falcojr) wrote :
Changed in cloud-init:
status: Triaged → Expired