cloud-init fails to disable ecdsa-sha2-nitp521 keys

Bug #1658174 reported by Lars Kellogg-Stedman
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fix Released

Bug Description

cloud-init adds ssh_authorized_keys to the default user fedora and to root but for root it disables the keys with a prefix command that echoes the helpful message:

'Please login as the user "fedora" rather than the user "root".'

However, if the key is of type ecdsa-sha2-nistp521, it is not parsed correctly, and the prefix command is not prepended.

This means that ECDSA keys can be used to login to root.

Related branches

Scott Moser (smoser)
Changed in cloud-init:
status: New → Fix Committed
importance: Undecided → Medium
Revision history for this message
Scott Moser (smoser) wrote : Fixed in Cloud-init 17.1

This bug is believed to be fixed in cloud-init in 17.1. If this is still a problem for you, please make a comment and set the state back to New

Thank you.

Changed in cloud-init:
status: Fix Committed → Fix Released
Revision history for this message
James Falcon (falcojr) wrote :
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.