cloud.cfg.tmpl should not include "ssh_deletekeys: 0"
Bug #1781094 reported by Doran Moppert
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cloud-init | Fix Released | Medium | Unassigned |
Bug Description
It seems that cloud-init inherited from Fedora the inclusion of "ssh_deletekeys: 0" in cloud.cfg.tmpl (commit 41d46bfb85). This is risky in orchestration environments where an instance might be used as a master or template, and cloned from without other tools removing SSH host keys. We believe that line should be removed from cloud.cfg.tmpl to reduce the risk of it being used in such environments.
CVE-2018-10896 has been assigned [1]. On the Fedora bug [2] we are looking into history.
1: https:/
2: https:/
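A fleet-side check for the condition the description warns about, clones that still present the template's SSH host key. This is an added example, not code from the bug report or from cloud-init; it assumes `ssh-keyscan` style output gathered from your own instances, and the addresses and key blobs in the sample are constructed.

```python
import base64
import binascii
import hashlib
from collections import defaultdict


def fingerprint(b64_blob):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    raw = base64.b64decode(b64_blob, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(scan_text):
    """Return {(keytype, fingerprint): [hosts]} for keys seen on 2+ hosts.

    Expects ssh-keyscan style lines: "<host> <keytype> <base64 key>".
    """
    hosts_by_key = defaultdict(set)
    for line in scan_text.splitlines():
        fields = line.split()
        # Skip blanks, "# host:22 SSH-2.0-..." banners and @marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        host, keytype, blob = fields[:3]
        try:
            fp = fingerprint(blob)
        except (binascii.Error, ValueError):
            continue  # third field is not a base64 key blob
        hosts_by_key[(keytype, fp)].add(host)
    return {k: sorted(v) for k, v in hosts_by_key.items() if len(v) > 1}


def sample_blob(seed):
    # Constructed stand-in for a public key blob; not a real key.
    return base64.b64encode(seed.encode()).decode()


# Constructed sample: two clones still presenting the template's key.
SAMPLE_SCAN = "\n".join([
    "# 10.0.0.11:22 SSH-2.0-OpenSSH_7.6",
    "10.0.0.11 ssh-ed25519 " + sample_blob("template-host-key"),
    "10.0.0.12 ssh-ed25519 " + sample_blob("template-host-key"),
    "10.0.0.13 ssh-ed25519 " + sample_blob("regenerated-on-first-boot"),
])

if __name__ == "__main__":
    for (keytype, fp), hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(keytype, fp, "shared by", ", ".join(hosts))
```

Any group it reports is a set of instances whose host keys were not regenerated after cloning.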
Related branches
~chad.smith/cloud-init:ubuntu/devel
- Scott Moser: Approve
- Server Team CI bot: Approve (continuous-integration)
Diff: 799 lines (+496/-39)
14 files modified
bash_completion/cloud-init (+5/-2)
cloudinit/cmd/devel/net_convert.py (+23/-12)
cloudinit/cmd/devel/parser.py (+13/-7)
cloudinit/net/eni.py (+9/-2)
cloudinit/net/netplan.py (+4/-0)
cloudinit/sources/DataSourceOpenNebula.py (+1/-1)
config/cloud.cfg.tmpl (+0/-2)
debian/changelog (+14/-0)
doc/rtd/topics/debugging.rst (+1/-1)
tests/unittests/test_cli.py (+1/-2)
tests/unittests/test_datasource/test_opennebula.py (+406/-2)
tests/unittests/test_net.py (+6/-0)
tools/Z99-cloud-locale-test.sh (+8/-5)
tools/Z99-cloudinit-warnings.sh (+5/-3)
~smoser/cloud-init:fix/1781094-ssh-deletekeys Merged into cloud-init:master
- Ryan Harper: Approve
- Server Team CI bot: Approve (continuous-integration)
Diff: 13 lines (+0/-2)
1 file modified
config/cloud.cfg.tmpl (+0/-2)
I'll fix the upstream config/cloud.cfg.tmpl to not include 'ssh_deletekeys: 0'.
Is there anything else expected there?
FWIW, this is from cloud-init commit:
https://git.launchpad.net/cloud-init/commit/?id=7fc73a8d55857
which references that it came from fedora packaging commit 87f33190f43d2b26cced4597e7298835024466c2
https://src.fedoraproject.org/cgit/rpms/cloud-init.git/commit/?id=87f33190f43d2b26cced4597e7298835024466c2