Yubikey ssh public key not added to authorized_keys

Bug #1877869 reported by Gergely Imreh
This bug affects 2 people
Status: Fix Released

Bug Description

I have an ssh key generated for Yubikey, with "ssh-keygen -t ecdsa-sk ..." which results in an ssh public key of "<email address hidden> ...."

When I add that key to "ssh_authorized_keys", it doesn't get added to the authorized_keys file, even though other, regular "ssh-rsa" keys are added. For example this config:

  - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2qSqrC6lsKqpY6fKF2LDxET/DuCJcKGTFnpFHPWj0yqVsvqooUIDKXCgEXx0rOJaqUpnnXWfij0/Yr4l8GxmJGr9hpkG+MXhwYehDvbZHrP5C/MPyyOCqjPlr3d4touBAhCTNJapFSHYnoQfguuGbZDS8Nfvu6JYS0ODvbgp8z5BnZVVFW4J7ms2QQwHIyvc5kk6sUvlL1xqRu+2mLz4vPxTqGPPLDdfbSOapCI5i4yZxLziIWSOdPBUlAnFRV4ONKT7m3/pT2wUkObprCKZAMH+bL52GYxOToUXm6EaFUGR+ptiMWbQXHIxiZfxtinp6LfZouRJz9/+vKQoTBPXJ"
  - "<email address hidden> AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBIofALjMlvK/KmwHVhzqIV4HTylBjos4xQqRE+GKQqe1a/LOKTGluhneCq3WE5L9578ZLQENWPrqIoUWjg/XcxAAAAAEc3NoOg=="

results in only the "ssh-rsa" key being added (I've also tried specifying them in a different order, with the same outcome).

Tested on Ubuntu 20.04, on AWS.

Tags: bitesize
Gergely Imreh (imrehg) wrote :
description: updated
description: updated
Paride Legovini (paride) wrote :

Thanks Gergely for reporting this bug. It seems that the U2F key formats are not yet covered in ssh_util.py. The key formats are defined in [1] and we probably want to add all of:

  <email address hidden>
  <email address hidden>
  <email address hidden>
  <email address hidden>

[1] https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.u2f

Changed in cloud-init:
status: New → Triaged
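
The gap discussed above, as an added example that is not part of the original report and not cloud-init's code: a parser that locates the key by matching a token against a fixed list of key types drops an entry whose type is missing from that list, even though the key blob itself states its type in its first length-prefixed string. `LEGACY_TYPES`, the function names and the RSA stub are assumptions made for illustration; the `sk-` names are the key types defined in PROTOCOL.u2f, and the blob is the one from the report.

```python
import base64
import struct

# Constructed pre-U2F allow-list (an assumption, not cloud-init's actual list).
LEGACY_TYPES = frozenset({"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"})
# Key type names defined in OpenSSH's PROTOCOL.u2f.
SK_TYPES = frozenset({
    "sk-ecdsa-sha2-nistp256@openssh.com",
    "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com",
    "sk-ssh-ed25519@openssh.com",
    "sk-ssh-ed25519-cert-v01@openssh.com",
})
# Key blob copied from the second entry of the config in the report.
REPORTED_BLOB = (
    "AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlz"
    "dHAyNTYAAABBBIofALjMlvK/KmwHVhzqIV4HTylBjos4xQqRE+GKQqe1a/LO"
    "KTGluhneCq3WE5L9578ZLQENWPrqIoUWjg/XcxAAAAAEc3NoOg=="
)

def blob_key_type(b64_blob):
    """Return the key type held in the blob's first length-prefixed string."""
    raw = base64.b64decode(b64_blob, validate=True)
    n = struct.unpack(">I", raw[:4])[0] if len(raw) >= 4 else 0
    if n == 0 or 4 + n > len(raw):
        raise ValueError("bad key type length")
    return raw[4:4 + n].decode("ascii")

def check_entry(line, allowed):
    """Classify one authorized_keys line (options containing spaces unsupported)."""
    tokens = line.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok in allowed:
            try:
                embedded = blob_key_type(tokens[i + 1])
            except ValueError:  # bad base64, bad length or non-ASCII type
                return "invalid-blob"
            return "ok" if embedded == tok else "type-mismatch"
    return "unrecognised-type"  # no allowed type token: the entry is dropped

def sample_lines():
    """Constructed lines: an RSA-typed stub, the reported key, a mislabelled key."""
    rsa = base64.b64encode(struct.pack(">I", 7) + b"ssh-rsa" + bytes(16)).decode()
    return ["ssh-rsa " + rsa + " constructed@example",
            blob_key_type(REPORTED_BLOB) + " " + REPORTED_BLOB,
            "ssh-rsa " + REPORTED_BLOB]

if __name__ == "__main__":
    for allowed in (LEGACY_TYPES, LEGACY_TYPES | SK_TYPES):
        print([check_entry(line, allowed) for line in sample_lines()])
```

Comparing the declared type with the type embedded in the blob also catches entries that were mislabelled when a config was edited by hand.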
Dan Watkins (oddbloke)
tags: added: bitesize
Dan Watkins (oddbloke) wrote :
Changed in cloud-init:
status: Triaged → In Progress
James Falcon (falcojr) wrote : Fixed in cloud-init version 20.3.

This bug is believed to be fixed in cloud-init in version 20.3. If this is still a problem for you, please make a comment and set the state back to New.

Thank you.

Changed in cloud-init:
status: In Progress → Fix Released