Key trust verification fails on Ubuntu 22.04
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ec2-instance-connect (Ubuntu) | Fix Released | Critical | Utkarsh Gupta |
Jammy | Fix Released | Critical | Utkarsh Gupta |
Bug Description
[Impact]
========
Can't get EC2 instance connect to work on Ubuntu 22.04 due to what seems to be an issue with trust chain verification. This is due to a change in OpenSSL 3.0.2.
[Test Plan]
===========
To reproduce:
- Launch an EC2 instance with the current Ubuntu 22.04 AMI (e.g. ami-0aeb7c931a5
- Try to connect to it via mssh ubuntu@
- Observe that the command fails with "Permission denied (publickey)."
When using the --debug flag with mssh, I see that the public key is pushed successfully, but the remote rejects the connection:
```
...
2022-05-06 09:10:58,549 - EC2InstanceConnect - DEBUG - Successfully got instance information from EC2 API for <instance-id>
...
2022-05-06 09:10:59,189 - EC2InstanceConnect - DEBUG - Successfully pushed the public key to <instance-id>
2022-05-06 09:10:59,190 - EC2InstanceConnect - DEBUG - Generated command: ssh -o "IdentitiesOnly
ubuntu@<ip>: Permission denied (publickey).
2022-05-06 09:10:59,612 - EC2InstanceConnect - DEBUG - Deleting the private key file: /var/folders/
```
On the instance side, the following error is logged:
```
AuthorizedKeysC
```
[Where Problems Could Occur]
=======
The package is broken for 22.04 so not a lot of things can go wrong there. However, if the user has done some manual workarounds, it could break that. But chances are less, IMO. \o/
[Upstream Bug and Fix]
=======
https:/
https:/
Changed in ec2-instance-connect (Ubuntu):
importance: Undecided → Critical
Changed in ec2-instance-connect (Ubuntu Jammy):
importance: Undecided → Critical
assignee: nobody → Utkarsh Gupta (utkarsh)
This bug was fixed in the package ec2-instance-connect - 1.1.14-0ubuntu2
---------------
ec2-instance-connect (1.1.14-0ubuntu2) kinetic; urgency=medium
* Add patch to fix parse authorized keys script
to work with OpenSSL 3.0.2. (LP: #1973114)
-- Utkarsh Gupta <email address hidden> Thu, 12 May 2022 10:58:05 +0530