SSH keys not updated correctly when sshd_config "AuthorizedKeysFile" contains multiple values
Bug #1404060 reported by Alex Gottschalk
This bug affects 9 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cloud-init | Expired | Medium | Unassigned |
Bug Description
I have overridden the AuthorizedKeysFile stanza in my site's sshd_config, as follows:
AuthorizedKeysFile %h/.ssh/
This allows two locations for authorized keys, which is useful for us because reasons.
It looks like cloud-init is incorrectly parsing this line to determine where to drop user keys, as I'm ending up with the following file:
"/home/
I think cloud-init should probably treat whitespace as a field separator here, and append keys to all AuthorizedKeysFile entries listed.
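The behaviour the report asks for, as an added example that is not part of the original report and is not cloud-init's code: split the `AuthorizedKeysFile` value on whitespace, expand the `%h`, `%u` and `%%` tokens from sshd_config(5) in each entry, and resolve relative entries against the user's home directory. The sample configuration, user name and paths are constructed; `Match` blocks and quoted arguments are assumed absent.

```python
# Added example; not cloud-init's code. Sample config, user and paths are constructed.
import posixpath
import re

# Default from sshd_config(5) when the keyword is absent.
DEFAULT_VALUE = ".ssh/authorized_keys .ssh/authorized_keys2"

SAMPLE_CONFIG = """\
# constructed sample, not the reporter's configuration
PasswordAuthentication no
AuthorizedKeysFile %h/.ssh/authorized_keys /etc/ssh/authorized_keys.d/%u
"""


def authorized_keys_value(config_text):
    """Return the raw argument string; the first occurrence wins, as in sshd."""
    for line in config_text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "authorizedkeysfile":
            return parts[1] if len(parts) > 1 else ""
    return DEFAULT_VALUE


def expand_tokens(pattern, username, homedir):
    """Expand the %h, %u and %% tokens; other text is left untouched."""
    table = {"%": "%", "h": homedir, "u": username}
    return re.sub(r"%([%hu])", lambda m: table[m.group(1)], pattern)


def authorized_keys_paths(config_text, username, homedir):
    """Return every key file sshd would consult for this user, in order."""
    paths = []
    for entry in authorized_keys_value(config_text).split():
        if entry.lower() == "none":  # "none" disables key files
            continue
        path = expand_tokens(entry, username, homedir)
        if not posixpath.isabs(path):  # relative entries are under the home directory
            path = posixpath.join(homedir, path)
        paths.append(posixpath.normpath(path))
    return paths


if __name__ == "__main__":
    for p in authorized_keys_paths(SAMPLE_CONFIG, "alice", "/home/alice"):
        print(p)
```

A provisioning tool that treats the whole value as one path writes the key to a file sshd never reads, so comparing its target path against this list is a quick check for the bug.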
Related branches
~amzn-cmiller/cloud-init:ssh_authorizedkeys
On hold for merging into cloud-init:master
- Server Team CI bot: Needs Fixing (continuous-integration)
- Scott Moser: Needs Information
- Andrew Jorgensen: Pending requested
Diff: 137 lines (+91/-1), 2 files modified
- cloudinit/ssh_util.py (+27/-0)
- tests/unittests/test_sshutil.py (+64/-1)
~yeazelm/cloud-init:ssh_authorizedkeys
Rejected for merging into cloud-init:master
- Andrew Jorgensen (community): Needs Fixing
- Server Team CI bot: Needs Fixing (continuous-integration)
- Scott Moser: Needs Fixing
Diff: 99 lines (+49/-2), 3 files modified
- cloudinit/sources/DataSourceAzure.py (+1/-1)
- cloudinit/ssh_util.py (+7/-0)
- tests/unittests/test_sshutil.py (+41/-1)
summary:
- authorized_keys not updated when sshd_config "AuthorizedKeysFile"
+ SSH keys not updated correctly when sshd_config "AuthorizedKeysFile" contains multiple values
Changed in cloud-init:
status: New → Confirmed
importance: Undecided → Medium
status: Confirmed → Triaged
milestone: none → 0.7.7
Changed in cloud-init:
milestone: 0.7.7 → 0.7.8
Changed in cloud-init:
milestone: 0.7.8 → 0.7.9
Changed in cloud-init:
milestone: 0.7.9 → none
milestone: none → 0.7.10
While a very crude workaround, this is good enough for my purposes.