cloud-init fails to disable ecdsa-sha2-nitp521 keys

Bug #1658174 reported by Lars Kellogg-Stedman on 2017-01-20
This bug affects 1 person
Affects Status Importance Assigned to Milestone

Bug Description

cloud-init adds ssh_authorized_keys to the default user fedora and to root but for root it disables the keys with a prefix command that echoes the helpful message:

'Please login as the user "fedora" rather than the user "root".'

However, if the key is of type ecdsa-sha2-nistp521, it is not parsed correctly, and the prefix command is not prepended.

This means that ECDSA keys can be used to login to root.

Related branches

Scott Moser (smoser) on 2017-01-24
Changed in cloud-init:
status: New → Fix Committed
importance: Undecided → Medium

This bug is believed to be fixed in cloud-init in 17.1. If this is still a problem for you, please make a comment and set the state back to New

Thank you.

Changed in cloud-init:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers